Message-ID: <k2m48317b001004191212pd4910269s8ab18abff08be669@mail.gmail.com>
Date: Mon, 19 Apr 2010 21:12:05 +0200
From: Salvatore Fresta aka Drosophila <drosophilaxxx@...il.com>
To: MustLive <mustlive@...security.com.ua>,
Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: [Suspected Spam]New vulnerabilities in CMS SiteLogic

2010/4/18 MustLive <mustlive@...security.com.ua>:
>
> Command Execution:
>
> It's possible to upload arbitrary files (shell upload) via module “Banner
> system” in admin panel.
>
This is not a command execution vulnerability but an arbitrary file
upload vulnerability with very, very low risk (you need to know the
access to the control panel). Many web hosting providers don't allow
a user to execute commands using the classic functions, such as
system, shell_execute and others.
--
Salvatore Fresta aka Drosophila
http://www.salvatorefresta.net
CWNP444351