Description
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
References
- Exploit, Mailing List, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
- Broken Link, Patch, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:*
cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:*
EPSS
Percentile: 72%
Score: 0.00702 (Low)
CVSS3: 3.7 Low
CVSS2: 4.3 Medium
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 3.7
github
almost 4 years ago
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.