Full title: VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload 
Category: remote exploits
Platform: windows
This Metasploit module exploits a code execution flaw in VMware vCenter Chargeback Manager, where the ImageUploadServlet servlet allows unauthenticated file upload. The files are uploaded to the /cbmui/images/ web path, where JSP code execution is allowed. The module has been tested successfully on VMware vCenter Chargeback Manager 2.0.1 on Windows 2003 SP2.

# 0day.today @ http://0day.today/