7.5

CVE-2014-9567

Exploit
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
Data provided by the National Vulnerability Database (NVD)
Projectsend Projectsend Version 100
Projectsend Projectsend Version 102
Projectsend Projectsend Version 105
Projectsend Projectsend Version 110
Projectsend Projectsend Version 155
Projectsend Projectsend Version 156
Projectsend Projectsend Version 157
Projectsend Projectsend Version 161
Projectsend Projectsend Version 180
Projectsend Projectsend Version 335
Projectsend Projectsend Version 375
Projectsend Projectsend Version 405
Projectsend Projectsend Version 412
Projectsend Projectsend Version 514
Projectsend Projectsend Version 561
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 82.89% | 0.992
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.