Vulnerabilities > CVE-2012-6509 - Portal Arbitrary File Upload and HTML Injection vulnerability in Netartmedia CAR Portal 3.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

netartmedia

exploit available

NVD

Published: 2013-01-24

Updated: 2013-01-29

Summary

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Vulnerable Configurations

Part	Description	Count
Application	Netartmedia Netartmedia CAR Portal 3.0	1

Exploit-Db

description	Car Portal CMS 3.0 - Multiple Vulnerabilities. CVE-2012-6508,CVE-2012-6509,CVE-2012-6510. Webapps exploit for php platform
id	EDB-ID:18801
last seen	2016-02-02
modified	2012-04-30
published	2012-04-30
reporter	Vulnerability-Lab
source	https://www.exploit-db.com/download/18801/
title	Car Portal CMS 3.0 - Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References