Description
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by StenoPlasma · text · webapps · cfm
https://www.exploit-db.com/exploits/35256
References (7)
Core References
Exploit x_refsource_misc
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65013
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45985
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43031
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/528212
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70669
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0217
Scores
EPSS: 0.2237
EPSS Percentile: 95.9%
Details
Status: published
Products (1): lomtec/activeweb 3.0
Published: Jan 28, 2011
Tracked Since: Feb 18, 2026