PT-2018-14958 · Clippercms · Clippercms
Hexifeo
·
Published
2018-11-21
·
Updated
2018-12-27
·
CVE-2018-19424
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ClipperCMS version 1.3.3
Description
The issue allows remote authenticated administrators to upload .htaccess files, which could potentially lead to security problems.
Recommendations
For ClipperCMS version 1.3.3, restrict access to the file upload feature for administrators until a patch is available, and consider disabling the ability to upload .htaccess files as a temporary workaround.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clippercms