CVE-2011-0678

Lomtec ActiveWeb Professional 3.0 - Unauthenticated Arbitrary File Upload via EasyEdit Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0678. PoCs published by StenoPlasma.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Lomtec ActiveWeb Professional 3.0. It outlines steps to exploit the vulnerability by manipulating hidden form fields to upload malicious files.

Description

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.

Exploits (1)

exploitdb WRITEUP VERIFIED
by StenoPlasma · textwebappscfm
https://www.exploit-db.com/exploits/35256

This is a writeup describing an arbitrary file upload vulnerability in Lomtec ActiveWeb Professional 3.0. It outlines steps to exploit the vulnerability by manipulating hidden form fields to upload malicious files.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Lomtec ActiveWeb Professional 3.0
No auth needed
Prerequisites: Access to the vulnerable web page · Ability to modify hidden form fields
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65013
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45985
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43031
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/528212
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70669
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0217

Scores

EPSS 0.0921
EPSS Percentile 94.8%

Details

Status published
Products (1)
lomtec/activeweb 3.0
Published Jan 28, 2011
Tracked Since Feb 18, 2026