Lucene search

[email protected]CVE-2014-2088

HistoryMar 02, 2014 - 5:55 p.m.

CVE-2014-2088

2014-03-0217:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-2088

ilias

file upload vulnerability

remote authenticated users

arbitrary php code

8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.

CPENameOperatorVersion
ilias:iliasiliaseq4.4.1

CPE	Name	Operator	Version
ilias:ilias	ilias	eq	4.4.1

References

packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html

8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2014-2088

cvelist1 prion1 openvas1