Описание
Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sandline:centraleyezer:-:*:*:*:on_premise:*:*:*
EPSS
Процентиль: 61%
0.00418
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.
EPSS
Процентиль: 61%
0.00418
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434