Vulnerabilities > CVE-2012-5893 - Unspecified vulnerability in Havalite CMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
havalite
Summary
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/118714/hava117.rb.txt |
id | PACKETSTORM:118714 |
last seen | 2016-12-05 |
published | 2012-12-10 |
reporter | KedAns-Dz |
source | https://packetstormsecurity.com/files/118714/Havalite-1.1.7-Cross-Site-Scripting-Shell-Upload.html |
title | Havalite 1.1.7 Cross Site Scripting / Shell Upload |