Описание
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.0 (включая) до 1.1.9 (исключая)
cpe:2.3:a:microengine:mailform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00778
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
EPSS
Процентиль: 73%
0.00778
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434