Description
WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.
References
- https://nvd.nist.gov/vuln/detail/CVE-2011-1329
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67641
- http://digit.que.ne.jp/work/index.cgi?WalRack
- http://digit.que.ne.jp/work/index.cgi?WalRack2
- http://jvn.jp/en/jp/JVN46984044/54827/index.html
- http://jvn.jp/en/jp/JVN46984044/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2011-000032
- http://www.securityfocus.com/bid/48001
EPSS
Percentile: 76%
0.00973
Low
CVE ID
Related vulnerabilities
nvd
more than 14 years ago
WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.
EPSS
Percentile: 76%
0.00973
Low