RunCMS Remote Arbitrary File Upload Vulnerability

Bugtraq ID:	13027
Class:	Input Validation Error
CVE:	CVE-2005-1031
Remote:	Yes
Local:	No
Published:	Apr 06 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Discovery is credited to pokley <[email protected]>.
Vulnerable:	RunCMS RunCMS 1.1 A RunCMS RunCMS 1.1 E-Xoops E-Xoops 1.0 5r3
Not Vulnerable:

RunCMS Remote Arbitrary File Upload Vulnerability

RunCMS is prone to a remote arbitrary file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded using custom avatar upload functionality.

This issue can ultimately facilitate unauthorized access in the context of the Web server.

RunCMS 1.1A and prior versions are affected by this issue.

RunCMS Remote Arbitrary File Upload Vulnerability

An exploit is not required.

RunCMS Remote Arbitrary File Upload Vulnerability

Solution:
A patch is available to address this issue.


E-Xoops E-Xoops 1.0 5r3

• RunCMS avatarupload fix
  http://www.runcms.org/public/modules/mydownloads/singlefile.php?lid=21 9

RunCMS RunCMS 1.1 A

• RunCMS avatarupload fix
  http://www.runcms.org/public/modules/mydownloads/singlefile.php?lid=21 9

RunCMS RunCMS 1.1

• RunCMS avatarupload fix
  http://www.runcms.org/public/modules/mydownloads/singlefile.php?lid=21 9

RunCMS Remote Arbitrary File Upload Vulnerability

References:

• RunCms Homepage (RunCms)
  
• runcms/e-xoops 1.1A and below file upload vulnerability (pokley )