-----------------------------------------------------------------------
Automne CMS (fckeditor) Arbitrary File Upload Vulnerability
-----------------------------------------------------------------------
Author    : syst3m_f4ult
Homepage  : http://www.automne-cms.org/
Vendor    : http://www.automne-cms.org/
Version   : 4.4.1 (probably all versions)
Tested on : ubuntu 12.04
Date      : 2013-10-10
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Default    : http://127.0.0.1/
Exploit    : http://127.0.0.1/automne/fckeditor/editor/filemanager/connectors/test.html
Results in : http://127.0.0.1/userfiles/<name of file>

Demo:
http://www.automne-cms.org/automne/fckeditor/editor/filemanager/connectors/test.html#
http://demo-en.automne.ws/automne/fckeditor/editor/filemanager/connectors/uploadtest.html
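The advisory gives defenders two concrete indicators: requests to the bundled FCKeditor connector test pages, and files appearing under /userfiles/. The following script is an added example, not part of the advisory, that scans web-server access logs for both. It assumes the Apache/nginx "combined" log format and a PHP deployment; the list of server-side script extensions is an assumption, and the log lines are constructed for illustration.

```python
import re

# Paths of the FCKeditor file-manager connector test pages named in the advisory.
CONNECTOR_TEST_PAGES = (
    "/fckeditor/editor/filemanager/connectors/test.html",
    "/fckeditor/editor/filemanager/connectors/uploadtest.html",
)

# Directory the advisory reports uploaded files land in.
UPLOAD_DIR = "/userfiles/"

# Server-side script extensions that should never be served from an upload
# directory. Assumption: this list matches a PHP deployment like the one tested.
SCRIPT_EXTENSIONS = (".php", ".phtml", ".php5", ".phar")

# Combined log format: client ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic): one request to the connector test
# page, one benign image fetch, and one request for a script under /userfiles/.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2013:12:00:01 +0000] "GET /automne/ HTTP/1.1" 200 5120
10.0.0.5 - - [10/Oct/2013:12:00:09 +0000] "GET /automne/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 2310
10.0.0.5 - - [10/Oct/2013:12:00:40 +0000] "GET /userfiles/logo.png HTTP/1.1" 200 8811
10.0.0.5 - - [10/Oct/2013:12:01:03 +0000] "GET /userfiles/upload.php HTTP/1.1" 200 64
"""


def classify(line):
    """Return (alert_kind, path) when a log line matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop any query string so only the requested resource is inspected.
    path = m.group("path").split("?", 1)[0]
    low = path.lower()
    # Indicator 1: any hit on the connector test pages, whatever the install prefix.
    if any(low.endswith(page) for page in CONNECTOR_TEST_PAGES):
        return ("connector-test-page", path)
    # Indicator 2: a server-side script being requested from the upload directory.
    filename = low.rsplit("/", 1)[-1]
    if UPLOAD_DIR in low and filename.endswith(SCRIPT_EXTENSIONS):
        return ("script-in-userfiles", path)
    return None


def scan(lines):
    """Return a list of (line_number, alert_kind, path) for every flagged line."""
    alerts = []
    for number, line in enumerate(lines, 1):
        hit = classify(line)
        if hit is not None:
            alerts.append((number, hit[0], hit[1]))
    return alerts


if __name__ == "__main__":
    for number, kind, path in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {kind}: {path}")
```

Run against a real log, the first indicator identifies hosts probing the connector pages, and the second identifies whether an uploaded script has already been served. The same path list can drive a web-server deny rule for the connector directory, and serving /userfiles/ with script execution disabled removes the impact of the second indicator.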