Описание
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
Ссылки
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:snitz_communications:avatar_mod:1.3:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.06:*:*:*:*:*:*:*
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.07:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01471
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
EPSS
Процентиль: 81%
0.01471
Низкий
5 Medium
CVSS2
Дефекты
CWE-264