CVE-2018-15601

EPSS 0.43%
Veröffentlicht 21.08.2018 02:29:00
Zuletzt bearbeitet 21.11.2024 03:51:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elefantcms ≫ Elefantcms Version2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.599

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15601

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-15601