[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic



2010/4/18 MustLive <mustlive@xxxxxxxxxxxxxxxxxx>:
>
> Command Execution:
>
> It's possible to upload arbitrary files (shell upload) via module âBanner
> systemâ in admin panel.
>

This is not a command execution vulnerability but an arbitrary file
upload vulnerability with very very low risk (you need to know the
access to the control panel). Many web hosting provider doesn't allow
an user to execute commands using the classic functions, such as
system, shell_execute and others.


-- 
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351