exploitDog

CVE-2005-2955

Опубликовано: 16 сент. 2005

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.

Ссылки

http://marc.info/?l=bugtraq&m=112671176100432&w=2
http://rgod.altervista.org/atutor151.html
Exploit
Vendor Advisory
http://marc.info/?l=bugtraq&m=112671176100432&w=2
http://rgod.altervista.org/atutor151.html
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:adaptive_technology_resource_centre:atutor:1.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.0009

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xxwf-mr27-9j8v

github

около 3 лет назад

config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.

EPSS

Процентиль: 27%

0.0009

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other