Intrusion Prevention

Etomite.CMS.Rfiles.PHP.Arbitrary.File.Upload

Description

Etomite CMS has an arbitrary file-upload vulnerability. By sending a specially crafted HTTP POST request to rfiles.php, a remote attacker could upload a malicious image file and change its file extension to .PHP, and so execute arbitrary commands or PHP code on the system with the privileges of the service.

Affected Products

Etomite Content Management System 0.6.1 and earlier

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.etomite.org/

CVE References

CVE-2006-7070