PT-2019-18723 · Nc · Nc-Cms
Publicado
2019-02-11
·
Atualizado
2019-02-11
·
CVE-2019-7721
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
nc-cms version 3.5
Description
The issue allows for the upload of .php files. This is achieved through the index.php?action=save endpoint, utilizing the
name and editordata parameters.Recommendations
For nc-cms version 3.5, restrict access to the index.php?action=save endpoint to prevent the upload of malicious .php files. Consider temporarily disabling the file upload functionality until a fix is available. Avoid using the
name and editordata parameters in the affected endpoint until the issue is resolved.Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nc-Cms