Vulnerability Description
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insanevisions | Adaptcms | 3.0.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/116722
- http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-ExecutExploit
- http://www.exploit-db.com/exploits/35710Exploit
- http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.phpExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99616
- http://osvdb.org/show/osvdb/116722
- http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-ExecutExploit
- http://www.exploit-db.com/exploits/35710Exploit
- http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.phpExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99616
FAQ
What is CVE-2015-1059?
CVE-2015-1059 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it ...
How severe is CVE-2015-1059?
CVE-2015-1059 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1059?
Check the references section above for vendor advisories and patch information. Affected products include: Insanevisions Adaptcms.