XHP CMS Version <= 0.5 File Upload Vulnerability Network Vulnerability

Summary

The remote webserver is hosting a PHP script which is vulnerable to a unrestricted file upload flaw. Description : XHP CMS is installed on the remote system. The installed application does not authenticate users to access the FileManager scripts located at: '/inc/htmlarea/plugins/FileManager/manager.php' and '/inc/htmlarea/plugins/FileManager/standalonemanager.php' This allows an attacker to upload content to the webserver, and execute arbitrary commands with privileges of the webserver account.

Solution

Upgrade to version 0.51 or a newer release.

References

http://www.securityfocus.com/bid/17209
http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-1371

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
b2ePMS Multiple SQL Injection Vulnerabilities
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
ATutor password reminder SQL injection
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities