Описание
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.7 (включая)
Одно из
cpe:2.3:a:flatnuke:flatnuke:*:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:1.0:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:1.5:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:1.6:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:1.7:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:1.8:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:2.0:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03609
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
EPSS
Процентиль: 87%
0.03609
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other