CVE-2012-1153 - Unspecified vulnerability in Apprain

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
apprain
exploit available
metasploit

Summary

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.

D2sec

name: appRain 0.1.5 File Upload
url: http://www.d2sec.com/exploits/apprain_0.1.5_file_upload.html

Exploit-Db

  • description: appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit. CVE-2012-1153. Webapps exploit for php platform
    file: exploits/php/webapps/18392.php
    id: EDB-ID:18392
    last seen: 2016-02-02
    modified: 2012-01-19
    platform: php
    port:
    published: 2012-01-19
    reporter: EgiX
    source: https://www.exploit-db.com/download/18392/
    title: appRain CMF <= 0.1.5 uploadify.php Unrestricted File Upload Exploit
    type: webapps
  • description: appRain CMF Arbitrary PHP File Upload Vulnerability. CVE-2012-1153. Webapps exploit for php platform
    file: exploits/php/webapps/18922.rb
    id: EDB-ID:18922
    last seen: 2016-02-02
    modified: 2012-05-25
    platform: php
    port:
    published: 2012-05-25
    reporter: metasploit
    source: https://www.exploit-db.com/download/18922/
    title: appRain CMF Arbitrary PHP File Upload Vulnerability
    type: webapps

Metasploit

description: This module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.
id: MSF:EXPLOIT/MULTI/HTTP/APPRAIN_UPLOAD_EXEC
last seen: 2020-05-26
modified: 2017-07-24
published: 2012-05-23
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1153
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/apprain_upload_exec.rb
title: appRain CMF Arbitrary PHP File Upload Vulnerability

Packetstorm

data source: https://packetstormsecurity.com/files/download/113001/apprain_upload_exec.rb.txt
id: PACKETSTORM:113001
last seen: 2016-12-05
published: 2012-05-24
reporter: EgiX
source: https://packetstormsecurity.com/files/113001/appRain-CMF-Arbitrary-PHP-File-Upload-Vulnerability.html
title: appRain CMF Arbitrary PHP File Upload Vulnerability