gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Greymatter | Greymatter | * | 1.3.1 (including) |
| Greymatter | Greymatter | 1.1b (including) | 1.1b (including) |
| Greymatter | Greymatter | 1.2 (including) | 1.2 (including) |
| Greymatter | Greymatter | 1.3 (including) | 1.3 (including) |
| Greymatter | Greymatter | 1.21 (including) | 1.21 (including) |
| Greymatter | Greymatter | 1.21a (including) | 1.21a (including) |
| Greymatter | Greymatter | 1.21b (including) | 1.21b (including) |
| Greymatter | Greymatter | 1.21c (including) | 1.21c (including) |
| Greymatter | Greymatter | 1.21d (including) | 1.21d (including) |
References
- http://secunia.com/advisories/19423
- http://www.osvdb.org/24210
- http://www.securityfocus.com/bid/17271
- http://www.vupen.com/english/advisories/2006/1138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25496
- http://secunia.com/advisories/19423
- http://www.osvdb.org/24210
- http://www.securityfocus.com/bid/17271
- http://www.vupen.com/english/advisories/2006/1138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25496