
CVE-2011-5148

Published: 31 Aug 2012
Source: nvd
CVSS2: 6.8
EPSS Medium

Description

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

Comment

Per: http://cwe.mitre.org/data/definitions/184.html

'CWE-184: Incomplete Blacklist'

Vulnerable configurations

Configuration 1

All of

One of

cpe:2.3:a:wasen:mod_simplefileupload:*:*:*:*:*:*:*:*
Versions up to 1.3 (inclusive)
cpe:2.3:a:wasen:mod_simplefileupload:1.0:*:*:*:*:*:*:*
cpe:2.3:a:wasen:mod_simplefileupload:1.1:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Percentile: 95%
0.18928
Medium

6.8 Medium

CVSS2

Weaknesses

NVD-CWE-Other

Related vulnerabilities

github
more than 3 years ago

Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.

EPSS

Percentile: 95%
0.18928
Medium

6.8 Medium

CVSS2

Weaknesses

NVD-CWE-Other