Vulnerabilities > CVE-2009-1659 - Arbitrary File Upload and Authentication Bypass vulnerability in Intelliants Elitius 1.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | eLitius 1.0 Remote Command Execution Exploit. CVE-2009-1659. Webapps exploit for php platform |
| file | exploits/php/webapps/8603.php |
| id | EDB-ID:8603 |
| last seen | 2016-02-01 |
| modified | 2009-05-04 |
| platform | php |
| port | |
| published | 2009-05-04 |
| reporter | G4N0K |
| source | https://www.exploit-db.com/download/8603/ |
| title | eLitius 1.0 - Remote Command Execution Exploit |
| type | webapps |