Vulnerabilities > CVE-2010-1514 - Unspecified vulnerability in Tomatocms

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
tomatocms
NVD
Published: 2010-06-15
Updated: 2024-11-21

Summary

Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.

Vulnerable Configurations

Part Description Count
Application
Tomatocms
9

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 40544 CVE ID: CVE-2010-1514,CVE-2010-1515 TomatoCMS是一款开源的内容管理系统。 在向TomatoCMS添加新文章时没有对所上传的文件执行重复的验证,拥有Add new article、Upload file to server和Browse uploaded files权限的用户可以向服务器上传并执行恶意文件。 TomatoCMS没有正确地过滤提交给index.php/admin/news/article/list页面的keyword和article- id参数、提交给index.php/admin/multimedia/set/list页面的keyword参数、提交给index.php /admin/multimedia/file/list页面的keyword和fileId参数、提交给index.php/admin/ad /client/list页面的name、email和address参数。远程攻击者可以通过提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 TIG TomatoCMS 2.0.6 厂商补丁: TIG --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://tomatocms.com/
idSSV:19750
last seen2017-11-19
modified2010-06-07
published2010-06-07
reporterRoot
titleTomatoCMS 2.0.6 任意文件上传和跨站脚本漏洞

References