ImpressCMS version 1.4.4 suffers from an arbitrary file upload due to a weak blacklisting methodology for file extensions.
e3a1d424f71f1feb571e0ac4b2912e399c1c124ebdfb5d9e83276acd5816f7e8# Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload
# Date: 7/4/2022
# Exploit Author: Ünsal Furkan Harani (Zemarkhos)
# Vendor Homepage: https://www.impresscms.org/
# Software Link: https://github.com/ImpressCMS/impresscms
# Version: v1.4.4
# Description:
Between lines 152 and 162, we see the function "extensionsToBeSanitized".Since the blacklist method is weak, it is familiar that the file can be uploaded in the extensions mentioned below.
.php2, .php6, .php7, .phps, .pht, .pgif, .shtml, .htaccess, .phar, .inc
Impresscms/core/File/MediaUploader.php Between lines 152 and 162:
private $extensionsToBeSanitized = array('php','phtml','phtm','php3','php4','cgi','pl','asp','php5');
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed