CVE-2014-9619 in Netsweeper
Сводка (Английский)
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Резервировать
16.01.2015
Раскрытие
19.09.2017
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 77516 | Netsweeper AJAX File Manager эскалация привилегий | 434 | Доказательство концепции | Официальное исправление | CVE-2014-9619 |