Описание
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
Комментарий
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.1.5 (включая)
Одно из
cpe:2.3:a:apprain:apprain:*:*:*:*:*:*:*:*
cpe:2.3:a:apprain:apprain:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apprain:apprain:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apprain:apprain:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apprain:apprain:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apprain:apprain:0.1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.81712
Высокий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
EPSS
Процентиль: 99%
0.81712
Высокий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other