This is a vulnerability writeup detailing multiple issues in JMD-CMS Alpha 3.0.0.9, including arbitrary file upload via FCKEditor and persistent XSS vulnerabilities in admin and registration pages. No exploit code is provided, only descriptions and vulnerable paths.
Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:JMD-CMS Alpha 3.0.0.9
Auth required
Prerequisites:Access to admin panel or registration page · FCKEditor enabled