PT-2015-5246 · Ferretcms · Ferretcms

Ghost

Publicado

2015-01-27

Atualizado

2015-01-28

CVE-2015-1371

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ferretCMS version 1.0.4-alpha

Description The issue allows remote administrators to execute arbitrary code by uploading a file with an executable extension to the custom/uploads/ directory, and then accessing it via a direct request. This is due to an unrestricted file upload vulnerability.

Recommendations For ferretCMS version 1.0.4-alpha, restrict access to the custom/uploads/ directory to prevent direct execution of uploaded files, and consider implementing file type validation to prevent uploading files with executable extensions.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-1371

Produtos afetados

Ferretcms

PT-2015-5246 · Ferretcms · Ferretcms

CVE-2015-1371

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7