CVE-2012-4036

Опубликовано: 27 авг. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'

Ссылки

http://osvdb.org/84479
http://secunia.com/advisories/50153
Vendor Advisory
http://www.pbboard.com/forums/t10352.html
Vendor Advisory
URL Repurposed
http://www.pbboard.com/forums/t10353.html
Exploit
URL Repurposed
http://www.securityfocus.com/bid/54916
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/77508
https://www.htbridge.com/advisory/HTB23101
http://osvdb.org/84479
http://secunia.com/advisories/50153
Vendor Advisory
http://www.pbboard.com/forums/t10352.html
Vendor Advisory
URL Repurposed
http://www.pbboard.com/forums/t10353.html
Exploit
URL Repurposed
http://www.securityfocus.com/bid/54916
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/77508
https://www.htbridge.com/advisory/HTB23101

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pbboard:pbboard:2.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05206

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r99x-5v7g-2wmf

github

больше 3 лет назад