Description
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
Comment
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable configurations
Configuration 1: versions up to and including 0.7.19
One of
cpe:2.3:a:e107:e107:*:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.13:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.14:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.15:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.16:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.17:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.7.18:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.547:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.548:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.549:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.551:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.552:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.553:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.554:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.554:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.555:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.600:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.601:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.602:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.604:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.605:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.606:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.607:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.608:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.609:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.610:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.611:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.612:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.613:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.614:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.615:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.615a:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.616:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.617:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.6171:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.6172:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.6173:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.6174:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:0.6175:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.1:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.3:beta:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.3:beta2:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.04:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta1:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta2:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta3:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta4:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta5:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.4:beta6:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.05:*:*:*:*:*:*:*
cpe:2.3:a:e107:e107:5.21:*:*:*:*:*:*:*
EPSS
Percentile: 86%
0.02777
Low
6 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.