Subdreamer CMS Image Gallery Remote File Upload Vulnerability

Subdreamer CMS is prone to a remote file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Subdreamer CMS versions 3.0.1 and 3.0.4 are vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus