CVE-2009-1615 - Unspecified vulnerability in Gowondesigns Leap 0.1.4

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, gowondesigns, exploit available

Summary

Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.

Vulnerable Configurations

Part         Description   Count
Application  Gowondesigns  1

Exploit-Db

description: Leap CMS 0.1.4 (SQL/XSS/SU) Multiple Remote Vulnerabilities. CVE-2009-1613, CVE-2009-1614, CVE-2009-1615. Webapps exploit for php platform
file: exploits/php/webapps/8577.txt
id: EDB-ID:8577
last seen: 2016-02-01
modified: 2009-04-30
platform: php
port:
published: 2009-04-30
reporter: YEnH4ckEr
source: https://www.exploit-db.com/download/8577/
title: leap CMS 0.1.4 sql/xss/su Multiple Vulnerabilities
type: webapps