ID | CVE-2015-5457 | ||||||
Sažetak | PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | AV:N/AC:L/Au:N/C:P/I:P/A:P | ||||||
Zadnje važnije ažuriranje | 09-10-2018 - 19:57 | ||||||
Objavljeno | 08-07-2015 - 15:59 |