exploitDog

CVE-2012-2902

Опубликовано: 21 мая 2012

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html 'Unrestricted Upload of File with Dangerous Type'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ryan_demmer:joomla_content_editor:*:*:*:*:*:*:*:*

Версия до 2.0.21 (включая)

cpe:2.3:a:ryan_demmer:joomla_content_editor:2.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.006

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2cqq-3cpj-9xcq

github

больше 3 лет назад

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.

EPSS

Процентиль: 68%

0.006

Низкий

6 Medium

CVSS2

Дефекты

NVD-CWE-Other