This advisory describes an arbitrary file upload vulnerability in Luftguitar CMS 2.0.2, allowing attackers to upload malicious files via the Image Gallery component. The uploaded files are stored in the /Images/ directory, potentially leading to remote code execution if executable files are uploaded.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Luftguitar CMS 2.0.2
No auth needed
Prerequisites:Access to the vulnerable upload endpoint