Description
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
References
- Patch
- Vendor Advisory
- Patch, Vendor Advisory
- Patch
- Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 6.1.21 (inclusive)
One of
cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*
cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*
EPSS: 0.012 (Low), percentile: 79%
CVSS2: 7.5 High
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
EPSS: 0.012 (Low), percentile: 79%
CVSS2: 7.5 High
Weaknesses
NVD-CWE-Other