appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Bugtraq ID:	51576
Class:	Input Validation Error
CVE:	CVE-2012-1153
Remote:	Yes
Local:	No
Published:	Jan 19 2012 12:00AM
Updated:	Oct 10 2012 06:10PM
Credit:	EgiX
Vulnerable:	appRain appRain CMF 0.1.5
Not Vulnerable:

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

appRain CMF is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may leverage this issue to upload arbitrary files to the affected server; this can result in arbitrary code execution within the context of the vulnerable application.

appRain CMF 0.1.5 and prior versions are vulnerable.

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Attackers can exploit this issue through a web browser.

The following exploit codes are available:

• /data/vulnerabilities/exploits/51576.php
• /data/vulnerabilities/exploits/51576.rb

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

References:

• appRain CMF Homepage (appRain)