10 lines
No EOL
595 B
Text
10 lines
No EOL
595 B
Text
source: http://www.securityfocus.com/bid/47970/info
|
|
|
|
MidiCMS Website Builder is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability.
|
|
|
|
An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information.
|
|
|
|
MidiCMS Website Builder 2011 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/admin/jscripts/tiny_mce/plugins/ezfilemanager/index.php
|
|
http://www.example.com/?html=../../../../../../../../../../boot.ini%00 |