Описание
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
Комментарий
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Ссылки
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.4:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.83363
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 19 лет назад
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 S ...
github
больше 3 лет назад
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
EPSS
Процентиль: 99%
0.83363
Высокий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other