PT-2018-14954 · Getsimple · Getsimple Cms

Hexifeo · Published 2018-11-21 · Updated 2018-12-28 · CVE-2018-19420

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: GetSimpleCMS version 3.3.15

Description: The issue allows HTML execution through alternative file uploads. This can occur with files having no extension or an unrecognized extension, such as 'test' or 'test.asdf', due to weaknesses in admin/upload-uploadify.php and the validate_safe_file function in admin/inc/security_functions.php.

Recommendations: For GetSimpleCMS version 3.3.15, consider restricting or validating file uploads more strictly to prevent HTML execution, and review the validate_safe_file function in admin/inc/security_functions.php to ensure it correctly handles files with no extension or an unrecognized extension.
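As an added illustration of the recommendation above (this is example code, not GetSimple's validate_safe_file or any code from the project), the check below accepts an upload name only when every dotted segment after the base name is on an explicit allowlist, so the advisory's 'test' and 'test.asdf' cases, as well as double extensions, are all rejected. The allowlist and the function name are assumptions for the example.

```php
<?php
// Added example (not GetSimpleCMS code): allowlist-based upload name check.
// Names with no extension, an unrecognized extension, or any extra dotted
// segment that is not allowlisted are rejected rather than served as HTML.

/** Hypothetical allowlist: only formats this site is willing to serve back. */
const UPLOAD_ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'zip'];

/**
 * Return true only when $filename has at least one extension and every
 * extension segment is allowlisted (compared case-insensitively).
 */
function is_safe_upload_name(string $filename): bool
{
    // Consider only the base name; any path component is ignored.
    $base = basename(str_replace('\\', '/', $filename));

    // 'test' has no extension and '.htaccess' has an empty base: reject both
    // instead of letting the web server guess a content type.
    $parts = explode('.', $base);
    if (count($parts) < 2 || $parts[0] === '') {
        return false;
    }

    // Every segment after the base must be allowlisted, so 'test.asdf',
    // 'page.html' and 'shell.php.jpg' are all refused.
    foreach (array_slice($parts, 1) as $segment) {
        if (!in_array(strtolower($segment), UPLOAD_ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names mirroring the advisory's cases.
$samples = ['image.png', 'test', 'test.asdf', 'page.html', 'shell.php.jpg', 'Photo.JPG'];
foreach ($samples as $name) {
    printf("%-14s -> %s\n", $name, is_safe_upload_name($name) ? 'accept' : 'reject');
}
```

Serving stored uploads with an `X-Content-Type-Options: nosniff` header is a complementary measure, since it stops browsers from rendering an unrecognized file as HTML even if a name slips past the check.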

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2018-19420

Affected products

Getsimple Cms