PT-2019-6972 · Beanbag · Review Board

Publicado

2019-12-27

·

Atualizado

2020-01-07

·

CVE-2013-4796

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions ReviewBoard version 1.6.17
Description The issue allows code execution by attaching PHP scripts to a review request.
Recommendations For ReviewBoard version 1.6.17, update to a version that fixes this issue to prevent code execution by attached PHP scripts.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2013-4796

Produtos afetados

Review Board