Bugtraq mailing list archives
Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic
From: Salvatore Fresta aka Drosophila <drosophilaxxx () gmail com>
Date: Mon, 19 Apr 2010 21:12:05 +0200
2010/4/18 MustLive <mustlive () websecurity com ua>:
> Command Execution: It's possible to upload arbitrary files (shell upload) via module “Banner system” in admin panel.
This is not a command execution vulnerability but an arbitrary file upload vulnerability with very very low risk (you need to know the access to the control panel). Many web hosting providers don't allow a user to execute commands using the classic functions, such as system, shell_execute and others.

--
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351