CVE-2011-5134

Опубликовано: 30 авг. 2012

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

'Unrestricted File Upload Vulnerability'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:widgetfactorylimited:com_jce:*:*:*:*:*:*:*:*

Версия до 2.0.17 (включая)

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:widgetfactorylimited:com_jce:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00381

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hrjr-c8fc-6rr3

github

больше 3 лет назад