Описание
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kalptaru_infotech:stararticles:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07457
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
EPSS
Процентиль: 92%
0.07457
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264