Vulnerabilities > CVE-2012-6498 - Arbitrary File Upload vulnerability in Maxtom Atomymaxsite 1.50/2.0/2.5

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

maxtom

NVD

Published: 2013-01-08

Updated: 2013-01-15

Summary

Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part	Description	Count
Application	Maxtom Maxtom Atomymaxsite 1.50 Maxtom Atomymaxsite 2.0 Maxtom Atomymaxsite 2.5	3

References

http://thaicert.or.th/alerts/admin/2012/al2012ad025.html
http://www.youtube.com/watch?v=CfvTCSS3LGY