Lanius CMS <= 0.5.2 (upload.php) Unrestricted File Upload Vulnerability

Description:

Lanius CMS contains a flaw that allows a remote user to upload and execute arbitrary PHP code. The vulnerability is caused due to an error in the handling of file uploads in the includes/upload.php script.

References:

BID-34415
EDB-8362

Disclosure Date:

April 7, 2009