MTCMS version 2.2 suffers from upload and cross site scripting vulnerabilities.
Avatar upload vulnerability:
Any kind of file can be uploaded via:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
Whether approved or not, the file will end up here:
/uploads/pictures/
The same applies to "add link":
/index.php?a=links&b=add_link
Persistent XSS on Contact Us:
The message and title fields are vulnerable to an XSS attack.
This kind of XSS is pretty dangerous, because the malicious message is sent to an admin,
so his cookie can be obtained.
Regards, Laurent Gaffié