Description
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php.
Affected products
- anantasoft / gazelle_cms 1.0 – 1.0
References
- EXPLOIT: http://www.exploit-db.com/exploits/9425
- VENDOR_ADVISORY: http://secunia.com/advisories/33686