8.8

CVE-2015-6568

Exploit
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WolfcmsWolf Cms Version <= 0.8.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.55% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.websecgeeks.com/2015/08/wolf-cms-arbitrary-file-upload-to.html
Third Party Advisory
Exploit
Technical Description
https://github.com/wolfcms/wolfcms/commit/2160275b60736f706dfda132c7c46728c5b255fa
Patch
Third Party Advisory
https://github.com/wolfcms/wolfcms/issues/625
Third Party Advisory
https://github.com/wolfcms/wolfcms/releases/tag/0.8.3.1
Third Party Advisory
Release Notes
https://www.exploit-db.com/exploits/38000/
https://www.exploit-db.com/exploits/40004/
https://www.wolfcms.org/blog/2015/08/10/releasing-wolf-cms-0-8-3-1.html
Third Party Advisory
Release Notes