CVE-2014-2042

2014-04-2814:09:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-2042

unrestricted file upload

manage project functionality

livetecs timelive

remote authenticated users

arbitrary code execution

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.

CPENameOperatorVersion
livetecs:timelinelivetecs timelineeq4.3.1
livetecs:timelinelivetecs timelineeq3.8.1
livetecs:timelinelivetecs timelineeq4.9.1
livetecs:timelinelivetecs timelineeq5.2.1
livetecs:timelinelivetecs timelineeq6.2.4
livetecs:timelinelivetecs timelineeq3.5.1
livetecs:timelinelivetecs timelineeq3.6.1
livetecs:timelinelivetecs timelineeq6.2.3
livetecs:timelinelivetecs timelineeq3.7.1
livetecs:timelinelivetecs timelineeq3.0.1

CPE	Name	Operator	Version
livetecs:timeline	livetecs timeline	eq	4.3.1
livetecs:timeline	livetecs timeline	eq	3.8.1
livetecs:timeline	livetecs timeline	eq	4.9.1
livetecs:timeline	livetecs timeline	eq	5.2.1
livetecs:timeline	livetecs timeline	eq	6.2.4
livetecs:timeline	livetecs timeline	eq	3.5.1
livetecs:timeline	livetecs timeline	eq	3.6.1
livetecs:timeline	livetecs timeline	eq	6.2.3
livetecs:timeline	livetecs timeline	eq	3.7.1
livetecs:timeline	livetecs timeline	eq	3.0.1