CVE-2013-3535

CMSLogik 1.2.0-1.2.1 - Stored Cross-Site Scripting via Multiple Admin Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3535. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in CMSLogik 1.2.1, allowing authenticated users to upload malicious PHP files with multiple extensions. It includes user registration, login, and shell upload functionality.

Description

Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonwebappsphp

https://www.exploit-db.com/exploits/24959

View Code ZIP pw:eip

This exploit targets a file upload vulnerability in CMSLogik 1.2.1, allowing authenticated users to upload malicious PHP files with multiple extensions. It includes user registration, login, and shell upload functionality.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CMSLogik 1.2.1 and 1.2.0

Auth required

Prerequisites: Network access to the target · Valid credentials or ability to register a user

MITRE ATT&CK