Описание
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Одновременно
Одно из
EPSS
9.4 Critical
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
Уязвимость обработчика загрузки файлов микропрограммного обеспечения SEPCOS Single Package реле управления и защиты Secheron SEPCOS, позволяющая нарушителю загружать произвольные файлы
EPSS
9.4 Critical
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2