Jupiter CMS 1.1.4/1.1.5 - 'galleryuploadfunction.php' Arbitrary File Upload

EDB-ID: 28581
Platform: PHP
Date: 2006-09-15

source: https://www.securityfocus.com/bid/20048/info

Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.

Upload any picture to their gallery at http://www.example.com/modules/galleryuploadfunction.php. The picture path will be gallery/albums/public/name.ext
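
An added example, not part of the original advisory or of Jupiter CMS: a Python audit for an upload directory such as gallery/albums/public that flags files a picture gallery should not hold. The image allowlist, the script-extension set and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: a picture gallery should hold only these types (leading bytes per extension).
JPEG, PNG, GIF = (b"\xff\xd8\xff",), (b"\x89PNG\r\n\x1a\n",), (b"GIF87a", b"GIF89a")
IMAGE_MAGIC = {".jpg": JPEG, ".jpeg": JPEG, ".png": PNG, ".gif": GIF}
# Assumption: name parts that common PHP handler mappings treat as executable.
SCRIPT_PARTS = {"php", "php3", "php4", "php5", "phtml", "phar", "htaccess"}


def audit_file(path):
    """Return the reasons a file does not belong in an image-only directory."""
    reasons = []
    parts = path.name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    data = path.read_bytes()
    if ext not in IMAGE_MAGIC:
        reasons.append("extension not in image allowlist")
    elif not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("content does not match extension")
    # Any dotted part counts: name.php.jpg can reach the PHP handler on some setups.
    if SCRIPT_PARTS.intersection(parts[1:]):
        reasons.append("script extension in file name")
    if b"<?php" in data:  # short open tags are not checked, to limit false positives
        reasons.append("PHP open tag in file content")
    return reasons


def audit_tree(root):
    """Map each suspicious file under root (relative path) to its reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (reasons := audit_file(path)):
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    samples = {  # constructed sample files, not real uploads
        "ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "name.php": b"<?php echo 1; ?>",
        "pic.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "poly.gif": b"GIF89a<?php echo 1; ?>",
        "fake.jpg": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return audit_tree(root)
```

Point `audit_tree` at the real upload directory to review what is already stored there; any finding is a file to inspect by hand.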