Home > Content Management, File Inclusion > CMS Made Simple Download Manager Module Arbitrary File Upload

CMS Made Simple Download Manager Module Arbitrary File Upload

July 29th, 2010

Application: CMS Made Simple
Affected Version: version 1.4.1 and other versions.
Vendor’s URL: Download Manager Module
Bug Type: File Upload
Risk Level: Critical

Solution:
Restrict access to the “modules/DownloadManager/lib/simple-upload/example.php” script (e.g. via .htaccess)

Content Management, File Inclusion

Comments are closed.