Vulnerabilities > CVE-2010-4313 - Unspecified vulnerability in Novo-Ws Orbis CMS 1.0.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability. CVE-2010-4313. Webapps exploit for php platform |
file | exploits/php/webapps/15636.txt |
id | EDB-ID:15636 |
last seen | 2016-02-01 |
modified | 2010-11-30 |
platform | php |
port | |
published | 2010-11-30 |
reporter | Mark Stanislav |
source | https://www.exploit-db.com/download/15636/ |
title | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/96250/orbiscms-shell.txt |
id | PACKETSTORM:96250 |
last seen | 2016-12-05 |
published | 2010-12-01 |
reporter | Mark Stanislav |
source | https://packetstormsecurity.com/files/96250/Orbis-CMS-1.0.2-Shell-Upload.html |
title | Orbis CMS 1.0.2 Shell Upload |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:70302 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-70302 |
title | Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability |