At a glance:
| ID | 13816 |
| Created | Jan 17, 2007 |
| Updated | Apr 23, 2014 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | pass |
| Active |
|
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |
Legend
| Enabled/Available | 
|
| Disabled/Not Avaliable |
|
Refine Search
Intrusion Prevention
Etomite.CMS.Rfiles.PHP.Arbitrary.File.Upload
Description
Etomite CMS has an arbitrary file-upload vulnerability. A remote attacker could execute arbitrary commands or php code on the system with the privileges of the service, by uploading a malicious image file with a specially crafted HTTP POST request to rfiles.php and changing the file extension to .PHP.
Affected Products
Etomite Content Management System 0.6.1 and earlier
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.etomite.org/