4.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.7%
choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.
CPE | Name | Operator | Version |
---|---|---|---|
easy-cms:easy-cms | easy-cms | eq | 0.1.2 |