Описание
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.7 (включая)
cpe:2.3:a:x2engine:x2engine:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01227
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.
EPSS
Процентиль: 79%
0.01227
Низкий
5 Medium
CVSS2
Дефекты
CWE-264