PT-2017-11925 · Tilde · Tilde Cms
Publicado
2017-07-24
·
Atualizado
2019-10-03
·
CVE-2017-11326
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Tilde CMS version 1.0.1
Description
An issue in Tilde CMS allows bypassing restrictions on arbitrary file upload by manipulating the filename with +php.
Recommendations
For Tilde CMS version 1.0.1, consider restricting or validating file uploads to prevent arbitrary file upload via filename manipulation until a patch is available.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tilde Cms