Vulnerabilities > CVE-2010-4313 - Unspecified vulnerability in Novo-Ws Orbis CMS 1.0.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability. CVE-2010-4313. Webapps exploit for php platform |
| file | exploits/php/webapps/15636.txt |
| id | EDB-ID:15636 |
| last seen | 2016-02-01 |
| modified | 2010-11-30 |
| platform | php |
| port | |
| published | 2010-11-30 |
| reporter | Mark Stanislav |
| source | https://www.exploit-db.com/download/15636/ |
| title | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/96250/orbiscms-shell.txt |
| id | PACKETSTORM:96250 |
| last seen | 2016-12-05 |
| published | 2010-12-01 |
| reporter | Mark Stanislav |
| source | https://packetstormsecurity.com/files/96250/Orbis-CMS-1.0.2-Shell-Upload.html |
| title | Orbis CMS 1.0.2 Shell Upload |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:70302 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-70302 |
| title | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability |