Thursday 27 August 2015

Wolf CMS Arbitrary File Upload To Command Execution - CVE-2015-6567 ,CVE-2015-6568

Wolf CMS  Arbitrary File Upload To Command Execution


Full Technical Disclosure Of  Wolf CMS  Arbitrary File Upload To Command Execution



# Exploit Title          : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution
# Reported Date      : 05-May-2015
# Fixed Date             : 10-August-2015
# Exploit Author     : Narendra Bhati
# CVE ID                  : CVE-2015-6567 , CVE-2015-6568
# Additional Links -
* https://github.com/wolfcms/wolfcms/releases/
* https://www.wolfcms.org/blog/2015/08/10/releasing-wolf-cms-0-8-3-1.html
1. Description