CVE-2012-1153 - Remote Arbitrary File Upload vulnerability in appRain CMF 'uploadify.php'
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. Per http://cwe.mitre.org/data/definitions/434.html: 'CWE-434: Unrestricted Upload of File with Dangerous Type'.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
D2sec
name | appRain 0.1.5 File Upload |
url | http://www.d2sec.com/exploits/apprain_0.1.5_file_upload.html |
Exploit-Db
description | appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit. CVE-2012-1153. Webapps exploit for php platform |
file | exploits/php/webapps/18392.php |
id | EDB-ID:18392 |
last seen | 2016-02-02 |
modified | 2012-01-19 |
platform | php |
port | |
published | 2012-01-19 |
reporter | EgiX |
source | https://www.exploit-db.com/download/18392/ |
title | appRain CMF <= 0.1.5 uploadify.php Unrestricted File Upload Exploit |
type | webapps |

description | appRain CMF Arbitrary PHP File Upload Vulnerability. CVE-2012-1153. Webapps exploit for php platform |
file | exploits/php/webapps/18922.rb |
id | EDB-ID:18922 |
last seen | 2016-02-02 |
modified | 2012-05-25 |
platform | php |
port | |
published | 2012-05-25 |
reporter | metasploit |
source | https://www.exploit-db.com/download/18922/ |
title | appRain CMF Arbitrary PHP File Upload Vulnerability |
type | webapps |
Metasploit
description | This module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution. |
id | MSF:EXPLOIT/MULTI/HTTP/APPRAIN_UPLOAD_EXEC |
last seen | 2020-05-26 |
modified | 2017-07-24 |
published | 2012-05-23 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1153 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/apprain_upload_exec.rb |
title | appRain CMF Arbitrary PHP File Upload Vulnerability |
Packetstorm
data source | https://packetstormsecurity.com/files/download/113001/apprain_upload_exec.rb.txt |
id | PACKETSTORM:113001 |
last seen | 2016-12-05 |
published | 2012-05-24 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/113001/appRain-CMF-Arbitrary-PHP-File-Upload-Vulnerability.html |
title | appRain CMF Arbitrary PHP File Upload Vulnerability |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0128.html
- http://www.exploit-db.com/exploits/18392
- http://www.exploit-db.com/exploits/18922
- http://www.openwall.com/lists/oss-security/2012/03/09/5
- http://www.openwall.com/lists/oss-security/2012/03/10/5
- http://www.osvdb.org/78473
- http://www.securityfocus.com/bid/51576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72466