CompactCMS version 1.4.0 suffers from a shell upload vulnerability.
bde2a1b50ebfba72ebfd084f8c05c0aef45218bd118cd43253ca036b742c2a57
dear sir or madam
ITSecTeam has found new vulnerability in CompactCMS 1.4.0 (tiny_mce)
In the following contain some information about the bug
best regards
M3hr@n.s
Technical Manager
##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: https://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: https://www.itsecteam.com
#Forum : https://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################
#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website.
If that's true, ask yourself why you haven't found the right Content
Management
System just yet. CompactCMS is light-weight, truly efficient and fully
Ajax loaded.
#POC:#####################################################
https://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php