Описание
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkPatchThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:noguska:nola:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:noguska:nola:1.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00721
Низкий
5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
почти 4 года назад
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
EPSS
Процентиль: 72%
0.00721
Низкий
5 Medium
CVSS2
Дефекты
CWE-434