exploitDog

GHSA-2hf9-vh2r-j6vp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

Ссылки

EPSS

Процентиль: 95%

0.16497

Средний

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2015-0258

CVSS3: 8.8

ubuntu

почти 6 лет назад

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

CVE-2015-0258

CVSS3: 8.8

nvd

почти 6 лет назад

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

CVE-2015-0258

CVSS3: 8.8

debian

почти 6 лет назад

Multiple incomplete blacklist vulnerabilities in the avatar upload fun ...

EPSS

Процентиль: 95%

0.16497

Средний

CVE ID

Дефекты

CWE-434