id: luftguitar-arbitrary-file-upload info: name: Luftguitar CMS Arbitrary File Upload author: pikpikcu severity: high description: A vulnerability in Luftguitar CMS allows remote unauthenticated users to upload files to the remote service via the 'ftb.imagegallery.aspx' endpoint. reference: - https://www.exploit-db.com/exploits/14991 tags: luftguitar,edb metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/ftb.imagegallery.aspx" matchers-condition: and matchers: - type: word part: body words: - '