11 lines
No EOL
597 B
Text
11 lines
No EOL
597 B
Text
source: http://www.securityfocus.com/bid/53761/info
|
|
|
|
TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability.
|
|
|
|
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
|
|
|
|
TinyCMS 1.3 is vulnerable; other versions may also be affected.
|
|
|
|
<form action='http://www.example.com/admin/admin.php?view=admin&do=../../../../[ LFI ]%00' method='post'>
|
|
<input type='submit' value='Get/Include Local File'>
|
|
</form> |