drew-byte/SiempreCMS-File-Upload-Abuse

An attacker can upload files to arbitrary directories under ../media/, including hidden ones. Though execution isn't possible, this can flood directories, exhaust disk space, and degrade performance or cause denial-of-service.

CVE History

CVSS v3: 7.3 HIGH
CVSS v2: 7.5 HIGH

A vulnerability was identified in SiempreCMS up to 1.3.6. It affects unspecified code in the file /docs/admin/file_upload.php and leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.