Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6
CVSSv2

CVE-2009-4793

Published: 22/04/2010 Updated: 19/09/2017
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Subscribe to Karl Core

Vulnerability Summary

Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

karl core bandsite cms 1.1.4

Exploits

Exploit DB: BandSite CMS 1.1.4 - 'members.php' SQL Injection
######################################################################### [+] BandSite CMS 114 (SQL/Upload Shell) Multiple Remote Vulnerabilites [+] Discovered By SirGod [+] wwwmortal-teamorg [+] wwwh4cky0uorg ######################################################################### [+] Remote SQL Injection - The script is full of SQLI bug ...

References

CWE-94http://secunia.com/advisories/21992http://www.exploit-db.com/exploits/8309https://nvd.nist.govhttps://www.exploit-db.com/exploits/8309/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook