Vulnerabilities > CVE-2010-1514 - Multiple Security vulnerability in TomatoCMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
tomatocms
Summary
Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 40544 CVE ID: CVE-2010-1514,CVE-2010-1515 TomatoCMS是一款开源的内容管理系统。 在向TomatoCMS添加新文章时没有对所上传的文件执行重复的验证,拥有Add new article、Upload file to server和Browse uploaded files权限的用户可以向服务器上传并执行恶意文件。 TomatoCMS没有正确地过滤提交给index.php/admin/news/article/list页面的keyword和article- id参数、提交给index.php/admin/multimedia/set/list页面的keyword参数、提交给index.php /admin/multimedia/file/list页面的keyword和fileId参数、提交给index.php/admin/ad /client/list页面的name、email和address参数。远程攻击者可以通过提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 TIG TomatoCMS 2.0.6 厂商补丁: TIG --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://tomatocms.com/ |
| id | SSV:19750 |
| last seen | 2017-11-19 |
| modified | 2010-06-07 |
| published | 2010-06-07 |
| reporter | Root |
| title | TomatoCMS 2.0.6 任意文件上传和跨站脚本漏洞 |