PT-2014-2486 · Coscms · Coscms
Publicado
2014-05-23
·
Atualizado
2014-06-27
·
CVE-2013-1668
CVSS v2.0
8.5
Alta
| Vetor | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
CosCMS versions prior to 1.822
Description
The issue allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file, specifically through the
uploadFile function in upload/index.php.Recommendations
For versions prior to 1.822, update to version 1.822 or later to resolve the issue. As a temporary workaround, consider restricting access to the
uploadFile function in upload/index.php to minimize the risk of exploitation. Avoid using shell metacharacters in file names for uploaded files until the issue is resolved.Exploit
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Coscms