Intrusion Prevention
Etomite.CMS.Rfiles.PHP.Arbitrary.File.Upload
Description
Etomite CMS has an arbitrary file-upload vulnerability. A remote attacker could execute arbitrary commands or php code on the system with the privileges of the service, by uploading a malicious image file with a specially crafted HTTP POST request to rfiles.php and changing the file extension to .PHP.
Affected Products
Etomite Content Management System 0.6.1 and earlier
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.etomite.org/