Описание
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.
Ссылки
- PatchVendor Advisory
- Patch
- Patch
- Patch
- PatchVendor Advisory
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00911
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.
EPSS
Процентиль: 75%
0.00911
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other