PT-2017-14255 · Gpsurgery · Gpweb

Published

2017-12-18

Updated

2018-01-05

CVE-2017-15876

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GPWeb version 8.4.61

Description The issue allows remote authenticated users to upload any type of file, including a PHP shell, due to an Unrestricted File Upload vulnerability.

Recommendations For GPWeb version 8.4.61, update to a version that addresses the Unrestricted File Upload vulnerability, or as a temporary workaround, consider restricting file upload capabilities to authorized users and validating the type of files being uploaded to prevent malicious uploads.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-15876

Affected Products

Gpweb

PT-2017-14255 · Gpsurgery · Gpweb

CVE-2017-15876

Weakness Enumeration

Related Identifiers

Affected Products

References · 3