Release Date.              24-Aug-2012
Last Update.               -
Vendor Notification Date.  28-Oct-2011
Product.                   Elcom CMS - Community Manager
Platform.                  ASP.NET
Affected versions.         Elcom Community Manager version 7.4.10 and
possibly others
Severity Rating.           High
Impact.                    Exposure of system information
                           Exposure of sensitive information
                           System Access
Attack Vector.             Remote with authentication
Solution Status.           Fixed in version 7.5 and later (not verified by
SOS)
CVE reference.             CVE - not yet assigned

Details.
The https://[server]/UploadStyleSheet.aspx script does not validate the file
type passed in the parameter "myfile0" on the server side allowing the
uploading and execution of ASPX files. An attacker can upload an ASPX web
shell and execute commands with web server user privileges.

Proof of Concept (port scanning).
A shell uploaded using the vulnerable
(https://[server]/UploadStyleSheet.aspx) script can be accessed at the
following location: https://[server]/UserUploadedStyles/shell.aspx

Solution.
Upgrade to version 7.5 or later.