Lucene search

K
cve[email protected]CVE-2011-5004
HistoryDec 25, 2011 - 1:55 a.m.

CVE-2011-5004

2011-12-2501:55:04
web.nvd.nist.gov
22
cve-2011-5004
vulnerability
file upload
fabrik
joomla!
remote code execution
nvd

7.6 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

81.0%

Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Affected configurations

NVD
Node
fabrikarcom_fabrikarRange2.1
OR
fabrikarcom_fabrikarMatch1.0.1
OR
fabrikarcom_fabrikarMatch1.0.6
OR
fabrikarcom_fabrikarMatch2.0.2
OR
fabrikarcom_fabrikarMatch2.0.4
OR
fabrikarcom_fabrikarMatch2.0.5
AND
joomlajoomla\!

7.6 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

81.0%

Related for CVE-2011-5004