CVE-2015-6568

HIGH

Wolfcms Wolf Cms < 0.8.3 - Improper Input Validation

Title source: rule

Description

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.

Exploits (2)

exploitdb WORKING POC

by s0nk3y · rubyremotephp

https://www.exploit-db.com/exploits/40004

View Code ZIP pw:eip

exploitdb WRITEUP

by Narendra Bhati · textwebappsphp

https://www.exploit-db.com/exploits/38000

View Code ZIP pw:eip

References (7)

[Exploit, Technical Description, Third Party Advisory] http://www.websecgeeks.com/2015/08/wolf-cms-arbitrary-file-upload-to.html

[Patch, Third Party Advisory] https://github.com/wolfcms/wolfcms/commit/2160275b60736f706dfda132c7c46728c5b255fa

[Third Party Advisory] https://github.com/wolfcms/wolfcms/issues/625

[Release Notes, Third Party Advisory] https://github.com/wolfcms/wolfcms/releases/tag/0.8.3.1

[Release Notes, Third Party Advisory] https://www.wolfcms.org/blog/2015/08/10/releasing-wolf-cms-0-8-3-1.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38000/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40004/

Scores

CVSS v3 8.8

EPSS 0.1186

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

wolfcms/wolf_cms < 0.8.3

Published Apr 14, 2017

Tracked Since Feb 18, 2026