Описание
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1 (включая)
Одновременно
Одно из
cpe:2.3:a:fabrikar:com_fabrikar:*:*:*:*:*:*:*:*
cpe:2.3:a:fabrikar:com_fabrikar:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fabrikar:com_fabrikar:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fabrikar:com_fabrikar:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fabrikar:com_fabrikar:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fabrikar:com_fabrikar:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01387
Низкий
6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
EPSS
Процентиль: 80%
0.01387
Низкий
6 Medium
CVSS2
Дефекты
NVD-CWE-Other