Vulnerabilities > CVE-2012-5893 - Unspecified vulnerability in Havalite CMS
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/118714/hava117.rb.txt |
| id | PACKETSTORM:118714 |
| last seen | 2016-12-05 |
| published | 2012-12-10 |
| reporter | KedAns-Dz |
| source | https://packetstormsecurity.com/files/118714/Havalite-1.1.7-Cross-Site-Scripting-Shell-Upload.html |
| title | Havalite 1.1.7 Cross Site Scripting / Shell Upload |
References
- http://osvdb.org/80768
- http://osvdb.org/80768
- http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html
- http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html
- http://secunia.com/advisories/48646
- http://secunia.com/advisories/48646
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74486