Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16194
HistoryFeb 27, 2007 - 12:00 a.m.

MTCMS multiple upload vulnerabilities

2007-02-2700:00:00
vulners.com
34
JSON

avatar upload vulnerability:
upload any kind of file in:
site.com/MTCMS-V2.2/?a=gallery&b=add_down
and approuved or not it will be here :
/uploads/pictures/
same thing for : add link
/index.php?a=links&b=add_link

xss permanent on Contact Us :
message & title fields are vulnerable to an xss attack.
this kind of xss are pretty dangerous, because you send the malicious message to an admin.
so you can get his cookie.

regards laurent gaffie

JSON