PT-2018-14285 · Nuuo · Nuuo Cms

Pedro Ribeiro

Published

2018-11-27

Updated

2019-10-09

CVE-2018-17936

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NUUO CMS versions 3.3 and prior

Description The issue allows the upload of arbitrary files that can modify or overwrite configuration files to the server, potentially enabling remote code execution.

Recommendations For versions 3.3 and prior, update to a version later than 3.3 to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-17936

Affected Products

Nuuo Cms

PT-2018-14285 · Nuuo · Nuuo Cms

CVE-2018-17936

Weakness Enumeration

Related Identifiers

Affected Products

References · 4