CVE-2011-4828

Published: Dec 15, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.

Affected (1)

Products: Autosectools: V Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Autosectools V Cms	Version 1.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://bugs.v-cms.org/changelog_page.php

Source: cve@mitre.org

http://bugs.v-cms.org/view.php?id=53

Source: cve@mitre.org

http://secunia.com/advisories/46861

Source: cve@mitre.org

Vendor Advisory

http://www.autosectools.com/Advisory/V-CMS-1.0-Arbitrary-Upload-236

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/50706

Source: cve@mitre.org

Exploit

http://bugs.v-cms.org/changelog_page.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.v-cms.org/view.php?id=53

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/46861

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.autosectools.com/Advisory/V-CMS-1.0-Arbitrary-Upload-236

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/50706

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.