Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE-nu11secur1ty/vendors/atrocore/atrocore-1.5.25/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

atrocore-1.5.25-User interaction - Unauthenticated File upload - RCE - Information gathering

Vendor

Description:

The Create Import Feed option with glyphicon-glyphicon-paperclip - format CSV upload function appears to be vulnerable to User interaction - Unauthenticated File upload - RCE attacks. The attacker can easily upload a malicious file then can execute the file remotely and can get VERY sensitive information about the configuration of this system, after this he can perform a very nasty attack.

STATUS: HIGH Vulnerability CRITICAL

[+]Payload:

<?php
	phpinfo();
?>

Reproduce:

href

Reference:

href

Proof and Exploit:

href

Time spend:

00:45:00