MOAUB #28 - AtomatiCMS Upload Arbitrary File Vulnerability

2010-09-28 13:15:11

# Title : AtomatiCMS Upload arbitrary file Vulnerability
# Author : abysssec.com
# Published : 2010-08-4



Abysssec Inc Public Advisory


Title : AtomatiCMS Upload Arbitrary File Vulnerability
Affected Version : AtomatiCMS 10_all
Discovery : www.abysssec.com
Vendor : http://www.atomaticsoftware.com
Download Links : http://sourceforge.net/projects/atomaticms/

http://www.exploit-db.com/moaub-28-atomaticms-upload-arbitrary-file-vulnerability/

Description :
===========================================================================================
This version of AtomatiCMS have Upload arbitrary file Vulnerability with fckEditor
in this Paths:

http://Example.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
http://Example.com/FCKeditor/editor/filemanager/upload/test.html


Which your files will be in this path:
.../UserFiles/



===========================================================================================

Fixes

No fixes

In order to submit a new fix you need to be registered.