exploitDog

CVE-2017-1000238

Опубликовано: 17 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.

Ссылки

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt
Exploit
Issue Tracking
Third Party Advisory
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00567

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-9423-2j6f-86j6

CVSS3: 8.8

github

больше 3 лет назад

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.

EPSS

Процентиль: 68%

0.00567

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434