Secunia Research has discovered a vulnerability in TomatoCMS, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused by an error in the validation of uploaded image files while adding a new article. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. Successful exploitation requires “Add new article”, “Upload file to server”, and “Browse uploaded files” permissions. Version 2.0.6 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/90272/secunia-tomatocmsfu.txt
Source: https://packetstormsecurity.com/files/90272/TomatoCMS-Arbitrary-File-Upload.html