CVE-2002-1841

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions NOLA versions 1.1.1 through 1.1.2

Description The document management module does not restrict the types of files that are uploaded, allowing remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.

Recommendations For versions 1.1.1 and 1.1.2, restrict the types of files that can be uploaded to the document management module to prevent the execution of arbitrary PHP files. As a temporary workaround, consider disabling the file upload feature in the document management module until a patch is available.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2002-1841

Affected Products

Nola

CVE-2002-1841

Weakness Enumeration

Related Identifiers

Affected Products

References · 7