Family: CGI abuses --> Category: infos
RunCMS Remote Arbitrary File Upload Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for remote arbitrary file upload vulnerability in RunCMS
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that allows arbitrary
The remote host is running RunCMS / E-Xoops, a content management
system written in PHP.
According to its banner, the version of this software installed on the
remote host may allow a user to upload arbitrary files and potentially
run them. This issue arises if avatar uploads are enabled (they are
not by default).
See also :
Set 'Allow custom avatar upload' to 'No' in 'Custom avatar settings'.
Low / CVSS Base Score : 3
Click HERE for more information and discussions on this network vulnerability scan.