CVE-2009-3182

Anantasoft Gazelle Cms - Access Control

Title source: rule

Description

Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.

Exploits (2)

exploitdb WORKING POC VERIFIED

by RoMaNcYxHaCkEr · textwebappsphp

https://www.exploit-db.com/exploits/9433

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by IHTeam · bashwebappsphp

https://www.exploit-db.com/exploits/9425

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/33686

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9433

Scores

EPSS 0.0554

EPSS Percentile 90.3%

Details

CWE

CWE-264

Status published

Products (1)

anantasoft/gazelle_cms 1.0

Published Sep 11, 2009

Tracked Since Feb 18, 2026