PT-2014-7222 · Infusionsoft · Infusionsoft Gravity Forms

G0Blin

Publicado

2014-09-26

Atualizado

2015-10-01

CVE-2014-6446

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Infusionsoft Gravity Forms plugin versions 1.5.3 through 1.5.10

Description The issue allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to "utilities/code generator.php". This is due to improper access restriction.

Recommendations For versions 1.5.3 through 1.5.10, consider restricting access to the "utilities/code generator.php" endpoint until a patch is available.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2014-6446

Produtos afetados

Infusionsoft Gravity Forms

PT-2014-7222 · Infusionsoft · Infusionsoft Gravity Forms

CVE-2014-6446

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9