CVE-2015-7571

HIGH EXPLOITED

Yeager CMS 1.2.1 - Unrestricted File Upload

Title source: llm

Exploitation Summary

CVE-2015-7571 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including SEC Consult.

AI-analyzed exploit summary This is a security advisory detailing multiple vulnerabilities in Yeager CMS 1.2.1, including SQL injection, arbitrary file upload, SSRF, and XSS. It provides proof-of-concept URLs and descriptions but does not contain executable exploit code.

Description

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappsphp

https://www.exploit-db.com/exploits/39436

View Code ZIP pw:eip

This is a security advisory detailing multiple vulnerabilities in Yeager CMS 1.2.1, including SQL injection, arbitrary file upload, SSRF, and XSS. It provides proof-of-concept URLs and descriptions but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Ssrf | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: Yeager CMS 1.2.1

No auth needed

Prerequisites: Access to the target Yeager CMS instance · Valid email address for password reset exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/537493/100/0/threaded

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39436/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Feb/44

Scores

CVSS v3 7.8

EPSS 0.0811

EPSS Percentile 94.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-11-22

CWE

CWE-434

Status published

Products (1)

yeager/yeager_cms 1.2.1

Published Aug 07, 2017

Tracked Since Feb 18, 2026