Description
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*
EPSS
Percentile: 91%
0.06748
Low
7.5 High
CVSS2
Weaknesses
CWE-434
Related vulnerabilities
github
almost 4 years ago
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.