ID de Prueba:	1.3.6.1.4.1.25623.1.0.200100
Categoría:	Web application abuses
Título:	XHP CMS <= 0.5 File Upload Vulnerability
Resumen:	XHP CMS is prone to a file upload vulnerability.
Descripción:	Summary: XHP CMS is prone to a file upload vulnerability. Vulnerability Insight: The flaw exists because the application does not authenticate users to access the FileManager scripts located at: '/inc/htmlarea/plugins/FileManager/manager.php' and '/inc/htmlarea/plugins/FileManager/standalonemanager.php' Vulnerability Impact: This allows an attacker to upload content to the webserver, and execute arbitrary commands with privileges of the webserver account. Solution: Update to version 0.51 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1371 BugTraq ID: 17209 http://www.securityfocus.com/bid/17209 https://www.exploit-db.com/exploits/1605 http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.vupen.com/english/advisories/2006/1052 XForce ISS Database: xhpcms-filemanager-file-upload(25399) https://exchange.xforce.ibmcloud.com/vulnerabilities/25399
Copyright	Copyright (C) 2008 Ferdy Riphagen

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.