5

CVE-2004-1545

UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoniwikiMoniwiki Version1.0.8
MoniwikiMoniwiki Version1.0.9
MoniwikiMoniwiki Version1.0.9.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0448.html
Patch
Vendor Advisory
http://kldp.net/scm/cvsweb.php/moniwiki/plugin/UploadFile.php.diff?cvsroot=moniwiki&only_with_tag=HEAD&r1=text&tr1=1.17&r2=text&tr2=1.16&f=h
http://marc.info/?l=bugtraq&m=110314544711884&w=2
http://secunia.com/advisories/13478
Vendor Advisory
http://www.securityfocus.com/bid/11951
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18493