exploitDog

CVE-2019-12150

Опубликовано: 24 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.

Ссылки

https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload
Exploit
Third Party Advisory
https://www.karamasoft.com
Product
Vendor Advisory
https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload
Exploit
Third Party Advisory
https://www.karamasoft.com
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:karamasoft:ultimateeditor:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-qf2m-h28q-74r5

CVSS3: 9.8

github

больше 3 лет назад

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.

EPSS

Процентиль: 69%

0.00607

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434