What is CVE-2011-4828?

CVE-2011-4828 is a vulnerability in Autosectools V-cms, classified under Code Injection. Published 2011-12-15.

Is CVE-2011-4828 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Autosectools V-cms

CVE-2011-4828

Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reques…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.797 (99.1th percentile) — read the EPSS interpretation.

Affected products

Autosectools V-cms — versions 1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

50706 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
46861 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2011-4828?: CVE-2011-4828 is a vulnerability in Autosectools V-cms, classified under Code Injection. Published 2011-12-15.
Is CVE-2011-4828 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.