Описание
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zomplog:zomplog:3.7:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.8:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04327
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2007-5230.
EPSS
Процентиль: 89%
0.04327
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-20