Lucene search

[email protected]CVE-2011-1329

HistoryMay 31, 2011 - 8:55 p.m.

CVE-2011-1329

2011-05-3120:55:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1329

walrack

file upload

remote code execution

security vulnerability

nvd

php

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.

Affected configurations

NVD

Node

walrus_digitwalrackMatch1.0.1

walrus_digitwalrackMatch1.1.1

walrus_digitwalrackMatch1.1.2

walrus_digitwalrackMatch1.1.3

walrus_digitwalrackMatch1.1.4

walrus_digitwalrackMatch1.1.5

walrus_digitwalrackMatch1.1.6

walrus_digitwalrackMatch1.1.7

walrus_digitwalrackMatch1.1.8

walrus_digitwalrackMatch2.0.1

walrus_digitwalrackMatch2.0.2

walrus_digitwalrackMatch2.0.3

walrus_digitwalrackMatch2.0.4

walrus_digitwalrackMatch2.0.5

walrus_digitwalrackMatch2.0.6

CPENameOperatorVersion
walrus_digit:walrackwalrus digit walrackeq1.0.1
walrus_digit:walrackwalrus digit walrackeq1.1.1
walrus_digit:walrackwalrus digit walrackeq1.1.2
walrus_digit:walrackwalrus digit walrackeq1.1.3
walrus_digit:walrackwalrus digit walrackeq1.1.4
walrus_digit:walrackwalrus digit walrackeq1.1.5
walrus_digit:walrackwalrus digit walrackeq1.1.6
walrus_digit:walrackwalrus digit walrackeq1.1.7
walrus_digit:walrackwalrus digit walrackeq1.1.8
walrus_digit:walrackwalrus digit walrackeq2.0.1

CPE	Name	Operator	Version
walrus_digit:walrack	walrus digit walrack	eq	1.0.1
walrus_digit:walrack	walrus digit walrack	eq	1.1.1
walrus_digit:walrack	walrus digit walrack	eq	1.1.2
walrus_digit:walrack	walrus digit walrack	eq	1.1.3
walrus_digit:walrack	walrus digit walrack	eq	1.1.4
walrus_digit:walrack	walrus digit walrack	eq	1.1.5
walrus_digit:walrack	walrus digit walrack	eq	1.1.6
walrus_digit:walrack	walrus digit walrack	eq	1.1.7
walrus_digit:walrack	walrus digit walrack	eq	1.1.8
walrus_digit:walrack	walrus digit walrack	eq	2.0.1

Rows per page:

1-10 of 151

References

digit.que.ne.jp/work/index.cgi?WalRack

digit.que.ne.jp/work/index.cgi?WalRack2

jvn.jp/en/jp/JVN46984044/54827/index.html

jvn.jp/en/jp/JVN46984044/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000032

www.securityfocus.com/bid/48001

exchange.xforce.ibmcloud.com/vulnerabilities/67641

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2011-1329

cvelist2 nvd2 prion2 jvn1 cve1