Описание
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Not Applicable
- Third Party AdvisoryVDB Entry
- Issue TrackingPatch
- Release Notes
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Not Applicable
- Third Party AdvisoryVDB Entry
- Issue TrackingPatch
- Release Notes
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
The default file type whitelist configuration in conf/mime.conf in the ...
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
EPSS
4.3 Medium
CVSS2