PT-2017-14255 · Gpsurgery · Gpweb
Publicado
2017-12-18
·
Atualizado
2018-01-05
·
CVE-2017-15876
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GPWeb version 8.4.61
Description
The issue allows remote authenticated users to upload any type of file, including a PHP shell, due to an Unrestricted File Upload vulnerability.
Recommendations
For GPWeb version 8.4.61, update to a version that addresses the Unrestricted File Upload vulnerability, or as a temporary workaround, consider restricting file upload capabilities to authorized users and validating the type of files being uploaded to prevent malicious uploads.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gpweb