Full Disclosure mailing list archives

Amiro CMS<=5.4.4 PHP injection


From: Владимир Воронцов <vladimir.vorontsov () onsec ru>
Date: Fri, 23 Apr 2010 10:30:12 +0400

[ONSEC-09-026] Amiro CMS PHP inj 
[CVE number requested]
Target: Amiro CMS <= 5.4.4
Type: PHP injection 
Threat: Medium 
Discovery date: 29.12.2009 
Developer notified: 29.12.2009
Fix released: 03/05/2010
Author: Vladimir Vorontsov 
OnSec Russian Security Group (onsec [dot] ru) 
Description: The vulnerability allows arbitrary files on the target
system to be created and overwritten.
An attacker can influence the data written to the file by changing some
parameters in the administrative console.
Also, due to the lack of filtering, the attacker can specify an arbitrary
file name and path by using a relative path.
The most dangerous outcome is the creation of a file that the interpreter
will execute, which leads to the execution of arbitrary commands.
Exploitation requires a user account with access to the "Data Sharing"
module in the administrative console.
The vulnerability exists due to the lack of filtering of the file name and
file type in the "Data Sharing" module.

Original in Russian: http://onsec.ru/vuln?id=21

-- 
Best regards, 
Vladimir Vorontsov
ONsec security expert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
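
The advisory attributes the flaw to missing filtering of the file name and file type in the "Data Sharing" module. As an added example (not part of the original post and not Amiro CMS code), this is one way such a check can be written in PHP; the function name, the export directory and the allowed-type list are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of export formats (assumption, not from the advisory).
const ALLOWED_EXPORT_TYPES = ['csv', 'xml', 'txt'];

/** Build the absolute path for an export file, or throw if the input is unsafe. */
function safeExportPath(string $exportDir, string $name, string $type): string
{
    // File type: exact match against the allowlist, so no interpreter-handled
    // extension can be chosen by the user.
    $type = strtolower($type);
    if (!in_array($type, ALLOWED_EXPORT_TYPES, true)) {
        throw new InvalidArgumentException('file type not allowed');
    }
    // File name: letters, digits, '_' and '-' only. This excludes '/', '\',
    // '.', and NUL, so relative paths and double extensions are impossible.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException('file name not allowed');
    }
    // The export directory is fixed by the application, never by the request.
    $base = realpath($exportDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('export directory missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $name . '.' . $type;
    // Do not write through a pre-existing symlink that points elsewhere.
    if (is_link($target)) {
        throw new RuntimeException('refusing to write through a symlink');
    }
    return $target;
}

// Constructed sample inputs: one legitimate name and three that must be rejected.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'export_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
$cases = [['report_2010', 'csv'], ['../../index', 'csv'], ['page', 'php'], ['report.php', 'txt']];
foreach ($cases as [$name, $type]) {
    try {
        printf("%-12s %-4s -> %s\n", $name, $type, safeExportPath($dir, $name, $type));
    } catch (Throwable $e) {
        printf("%-12s %-4s -> rejected (%s)\n", $name, $type, $e->getMessage());
    }
}
```

Keeping the export directory outside the web root, or configuring the server not to pass files in it to the PHP interpreter, limits the impact if a check like this is ever bypassed.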

