CVE-2014-2042

Опубликовано: 28 апр. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

"CWE-434: Unrestricted Upload of File with Dangerous Type"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:livetecs:timeline:*:*:*:*:*:*:*:*

Версия до 6.2.8 (включая)

cpe:2.3:a:livetecs:timeline:2.81:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:2.91:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:2.94:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:4.9.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.6:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.7:*:*:*:*:*:*:*

cpe:2.3:a:livetecs:timeline:6.2.71:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01521

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-q2fj-rm78-5v8m

github

больше 3 лет назад