exploitDog

CVE-2016-5661

Опубликовано: 15 июл. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.

Ссылки

http://www.kb.cert.org/vuls/id/665280
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/91765
http://www.kb.cert.org/vuls/id/665280
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/91765

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accela:civic_platform_citizen_access_portal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05693

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-q2hc-xfq6-qp7r

CVSS3: 8.8

github

больше 3 лет назад

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.

EPSS

Процентиль: 90%

0.05693

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284