‘Orbis CMS’: Arbitrary Script Execution Vulnerability

Users of ‘Orbis CMS’ please be advised of an Arbitrary Script Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Orbis-SA-11/29/2010: ‘Orbis CMS’ Arbitrary Script Execution Vulnerability (CVE-2010-4313)
DESCRIPTION
—————————————
A vulnerability exists in the ‘Orbis CMS’ fileman_file_upload.php script that allows any authenticated user to upload a
PHP script and then run it without restriction.

Read more at http://www.criticalwatch.com

 

Advertisements