Vulnerabilities > CVE-2012-1153 - Remote Arbitrary File Upload vulnerability in appRain CMF 'uploadify.php'

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

apprain

exploit available

metasploit

NVD

Published: 2012-10-06

Updated: 2017-08-29

Summary

Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part	Description	Count
Application	Apprain Apprain Apprain 0.1.0 Apprain Apprain 0.1.1 Apprain Apprain 0.1.2 Apprain Apprain 0.1.3 Apprain Apprain 0.1.4 Apprain Apprain 0.1.5	6

D2sec

name	appRain 0.1.5 File Upload
url	http://www.d2sec.com/exploits/apprain_0.1.5_file_upload.html

Exploit-Db

description	appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit. CVE-2012-1153. Webapps exploit for php platform
file	exploits/php/webapps/18392.php
id	EDB-ID:18392
last seen	2016-02-02
modified	2012-01-19
platform	php
port
published	2012-01-19
reporter	EgiX
source	https://www.exploit-db.com/download/18392/
title	appRain CMF <= 0.1.5 uploadify.php Unrestricted File Upload Exploit
type	webapps

description	appRain CMF Arbitrary PHP File Upload Vulnerability. CVE-2012-1153. Webapps exploit for php platform
file	exploits/php/webapps/18922.rb
id	EDB-ID:18922
last seen	2016-02-02
modified	2012-05-25
platform	php
port
published	2012-05-25
reporter	metasploit
source	https://www.exploit-db.com/download/18922/
title	appRain CMF Arbitrary PHP File Upload Vulnerability
type	webapps

Metasploit

description	This module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.
id	MSF:EXPLOIT/MULTI/HTTP/APPRAIN_UPLOAD_EXEC
last seen	2020-05-26
modified	2017-07-24
published	2012-05-23
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1153
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/apprain_upload_exec.rb
title	appRain CMF Arbitrary PHP File Upload Vulnerability

Packetstorm

data source	https://packetstormsecurity.com/files/download/113001/apprain_upload_exec.rb.txt
id	PACKETSTORM:113001
last seen	2016-12-05
published	2012-05-24
reporter	EgiX
source	https://packetstormsecurity.com/files/113001/appRain-CMF-Arbitrary-PHP-File-Upload-Vulnerability.html
title	appRain CMF Arbitrary PHP File Upload Vulnerability

Summary

Vulnerable Configurations

D2sec

Exploit-Db

Metasploit

Packetstorm

References