Описание
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Patch
- PatchVendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:moniwiki:moniwiki:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:moniwiki:moniwiki:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:moniwiki:moniwiki:1.0.9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01796
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 20 лет назад
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...
github
больше 3 лет назад
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
EPSS
Процентиль: 82%
0.01796
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other