Описание
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
Комментарий
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpsimplicity:simplicity_of_upload:1.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01455
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
EPSS
Процентиль: 80%
0.01455
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other