CVE-2015-9263

Exploit

EPSS 64.32%
Veröffentlicht 27.08.2018 04:29:00
Zuletzt bearbeitet 21.11.2024 02:40:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Idera ≫ Uptime Infrastructure Monitor Version7.4.0

Idera ≫ Uptime Infrastructure Monitor Version7.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	64.32%	0.984

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/37888/

Third Party Advisory

Exploit

VDB Entry

https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-9263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-9263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-9263

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-9263