‘Pulse CMS Arbitrary File Upload Vulnerability’
‘The original article can be found at: http://secunia.com/secunia_research/2010-47/‘
* Pulse CMS basic version 1.2.2
* Pulse CMS basic version 1.2.3
* Pulse CMS basic version 1.2.4 (Partial Fix)
An error in the validation of uploaded image files can be exploited to upload files with an arbitrary extension to a folder within the web root. This can be exploited to upload and execute arbitrary PHP code.
Successful exploitation requires authentication.
19/03/2010 – Vendor notified.
19/03/2010 – Vendor response.
08/04/2010 – Public disclosure.’