Intrusion Prevention



Etomite CMS has an arbitrary file-upload vulnerability. A remote attacker could execute arbitrary commands or php code on the system with the privileges of the service, by uploading a malicious image file with a specially crafted HTTP POST request to rfiles.php and changing the file extension to .PHP.

Affected Products

Etomite Content Management System 0.6.1 and earlier


Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References