Search results mapped to CWE-434 (24)

CVE-2017-3108 (Published: 2017-08-11 15:29:02) NMS
CVSS 7.5

[Original] Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability.

CVE-2017-11154 (Published: 2017-08-08 11:29:07) NP
CVSS 6.5

[Original] Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

CVE-2015-7571 (Published: 2017-08-07 16:29:00) NM
CVSS 6.8

[Original] Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

CVE-2017-11756 (Published: 2017-07-30 14:29:00) N
CVSS 6.0

[Original] In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.

CVE-2015-4462 (Published: 2017-07-25 14:29:00) NM
CVSS 4.0

[Original] Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.

CVE-2015-4463 (Published: 2017-07-25 14:29:00) NM
CVSS 4.0

[Original] The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
