PT-2017-11925 · Tilde · Tilde Cms

Published

2017-07-24

Updated

2019-10-03

CVE-2017-11326

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Tilde CMS version 1.0.1

Description An issue in Tilde CMS allows bypassing restrictions on arbitrary file upload by manipulating the filename with +php.

Recommendations For Tilde CMS version 1.0.1, consider restricting or validating file uploads to prevent arbitrary file upload via filename manipulation until a patch is available.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-11326

Affected Products

Tilde Cms

PT-2017-11925 · Tilde · Tilde Cms

CVE-2017-11326

Weakness Enumeration

Related Identifiers

Affected Products

References · 3