XHP CMS FileManager PHP file upload
| xhpcms-filemanager-file-upload (25399) |  Medium Risk |
Description:
XHP CMS could allow a remote attacker to upload and execute malicious PHP files. XHP CMS fails to restrict access to the FileManager upload scripts. An attacker could exploit this vulnerability to upload malicious PHP files and then execute arbitrary code on the system by specifying the uploaded file in a specially-crafted URL request to the suntzu.php script.
Platforms Affected:
- Laurentiu Matei, XHP CMS 0.5
Remedy:
Upgrade to the latest version of XHP CMS (0.5.1 or later), available from the XHP CMS Web site. See References.
Consequences:
Gain Access
References:
- eXpandable Home Page Web site, XHP CMS at http://xhp.targetit.ro/index.php?page=2.
- BID-17209: eXpandable Home Page CMS Multiple Access Validation Vulnerabilities
- CVE-2006-1371: Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
- SA19353: XHP CMS "FileManager" File Upload Vulnerability
- VUPEN/ADV-2006-1052: XHP CMS FileManager Module Access Remote File Upload Vulnerability
Reported:
Mar 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net