Main Vulnerability Database Exploits ID:3837 - Exploit for Code Injection in AdaptCMS - CVE-2015-1059

ID:3837 - Exploit for Code Injection in AdaptCMS - CVE-2015-1059

Published: August 9, 2020

Vulnerability identifier: #VU40946

Vulnerability risk: Low

CVE-ID: CVE-2015-1059

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
AdaptCMS

Link to public exploit:

https://www.exploit-db.com/exploits/35710/

Vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.

Remediation

Install update from vendor's website.

ID:3837 - Exploit for Code Injection in AdaptCMS - CVE-2015-1059

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human