MobileCartly version 1.0 suffers from an arbitrary file deletion vulnerability.
3e0d3cff02b70b9d850e0e20a7bb38e04d1ab43ffeeccb1ae21617853e077b98
This Metasploit module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using file_put_contents(), which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user has WRITE permission.
d2b93bba6358674606a2931cdca65cfb7a3dc0f305c1159a3307f8e62152044e
MobileCartly version 1.0 suffers from a remote shell upload vulnerability.
6b0d23136395ed8d9e37f24807974ec3247792e0f5924bcd903b104aad5f2658