PT-2017-17893 · Bigtree · Bigtree Cms
Math1As
·
Publicado
2017-04-11
·
Atualizado
2017-04-17
·
CVE-2017-7695
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BigTree CMS versions prior to 4.2.17
Description
The issue allows for Unrestricted File Upload, enabling an attacker to bypass safety checks by uploading a file named 'xxx.php[space]'. This could lead to the execution of arbitrary code.
Recommendations
For versions prior to 4.2.17, update to version 4.2.17 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bigtree Cms