exploitDog

CVE-2010-0757

Опубликовано: 27 фев. 2010

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

CWE-434: Unrestricted Upload of File with Dangerous Type

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wikyblog:wikyblog:1.7.3:rc2:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04009

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7f5c-7r4j-r8cc

github

почти 4 года назад

Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.

EPSS

Процентиль: 88%

0.04009

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other