CVE-2013-1668

Published: 23/05/2014 Updated: 27/06/2014
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The uploadFile function in upload/index.php in CosCMS prior to 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.

Vulnerable Product

coscms coscms

coscms coscms 1.41

coscms coscms 1.3

Exploits

Advisory ID: HTB23145
Product: CosCms
Vendor: wwwcoscmsorg
Vulnerable Version(s): 1721 and probably prior
Tested Version: 1721
Vendor Notification: February 13, 2013
Vendor Patch: February 13, 2013
Public Disclosure: March 6, 2013
Vulnerability Type: OS Command Injection [CWE-78]
CVE Reference: CVE-2013-1668
Risk Level: High
CVSSv2 B ...

CosCms version 1721 suffers from a remote OS command injection vulnerability ...