
Abysssec Research
1) Advisory information
| Title | AtomatiCMS Upload arbitrary file Vulnerability |
| Affected | AtomatiCMS 10_all |
| Discovery | www.abysssec.com |
| Vendor | http://www.atomaticsoftware.com |
| Impact | Critical |
| Contact | shahin [at] abysssec.com , info [at] abysssec.com , @abysssec |
2) Vulnerability Information
| Class | File Upload |
| Impact | Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying server. |
| Remotely Exploitable | Yes |
| Locally Exploitable | No |
3) Vulnerabilities detail
File Upload
This version of AtomatiCMS has an arbitrary file upload vulnerability through the bundled FCKeditor, reachable at these paths:
http://Example.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
http://Example.com/FCKeditor/editor/filemanager/upload/test.html
Uploaded files are stored under this path:
.../UserFiles/
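
One way to check web-server access logs for use of these paths, as an added example that is not part of the original advisory. It assumes common/combined log format and a list of server-executable extensions; the sample lines, the `CONNECTOR` name and the file names are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths named in the advisory, lower-cased for case-insensitive matching.
TEST_PAGES = (
    "/fckeditor/editor/filemanager/browser/default/connectors/test.html",
    "/fckeditor/editor/filemanager/upload/test.html",
)
FILEMANAGER = "/fckeditor/editor/filemanager/"
UPLOAD_DIR = "/userfiles/"  # advisory gives ".../UserFiles/"; the prefix is unknown
# Assumption: extensions the server may execute; adjust to the deployed stack.
SCRIPT_EXT = (".asp", ".aspx", ".ashx", ".php", ".jsp", ".cfm")

# Common/combined log format: client ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    """Return (client, reason) for a log line touching the exposed paths, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()
    ok = status.startswith("2")
    if path in TEST_PAGES:
        return (client, "test page reachable" if ok else "test page requested")
    if method == "POST" and path.startswith(FILEMANAGER):
        return (client, "upload accepted" if ok else "upload attempted")
    if UPLOAD_DIR in path and path.endswith(SCRIPT_EXT):
        return (client, "script requested from UserFiles")
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, placeholder names).
T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET /index.html HTTP/1.1" 200 512',
    f'198.51.100.7 - - {T} "GET /FCKeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2048',
    f'198.51.100.7 - - {T} "GET /FCKeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 404 0',
    f'198.51.100.7 - - {T} "POST /FCKeditor/editor/filemanager/upload/CONNECTOR?Type=File HTTP/1.1" 200 310',
    f'203.0.113.5 - - {T} "GET /site/UserFiles/example.asp HTTP/1.1" 200 90',
    f'192.0.2.10 - - {T} "GET /site/UserFiles/photo.jpg HTTP/1.1" 200 40960',
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

A "test page reachable" or "upload accepted" finding means the FCKeditor file manager is exposed on that host and its access should be restricted or the component removed.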
That’s all !



