exploitDog

CVE-2012-3811

Опубликовано: 03 июл. 2012

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

'CWE-434: Unrestricted Upload of File with Dangerous Type'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avaya:ip_office_customer_call_reporter:7.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:ip_office_customer_call_reporter:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.77369

Высокий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mp38-6v6c-xp85

github

больше 3 лет назад

Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.

EPSS

Процентиль: 99%

0.77369

Высокий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other