Lucene search

[email protected]CVE-2003-1552

HistoryMar 08, 2008 - 12:00 a.m.

CVE-2003-1552

2008-03-0800:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2003-1552

file upload vulnerability

remote code execution

uploader 1.1

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.

Affected configurations

NVD

Node

graemeuploaderMatch1.1

CPENameOperatorVersion
graeme:uploadergraeme uploadereq1.1

CPE	Name	Operator	Version
graeme:uploader	graeme uploader	eq	1.1

References

www.securityfocus.com/archive/1/313787/30/25670/threaded

www.securityfocus.com/archive/1/313819/30/25640/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/11467

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2003-1552

nvd1 cvelist1