exploitDog

CVE-2013-4898

Опубликовано: 29 янв. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

"CWE-434: Unrestricted Upload of File with Dangerous Type"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:webhive:timeline:4.2.5:p9:*:*:*:*:*:*

cpe:2.3:a:socialengine:socialengine:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04262

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5wm4-w599-4rw3

github

больше 3 лет назад

Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.

EPSS

Процентиль: 89%

0.04262

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other