Metric | Value |
---|---|
CVSS2 | 6.5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
AI Score | 7.5 High |
AI Score Confidence | Low |
EPSS | 0.015 Low |
EPSS Percentile | 86.8% |

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.
CPE | Name | Operator | Version |
---|---|---|---|
adminsystems_cms_project:adminsystems_cms | adminsystems cms project adminsystems cms | le | 4.0.0 |
packetstormsecurity.com/files/130394/Landsknecht-Adminsystems-CMS-4.0.1-CSRF-XSS-File-Upload.html
seclists.org/fulldisclosure/2015/Feb/50
sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-14.html
www.openwall.com/lists/oss-security/2015/02/13/11
www.openwall.com/lists/oss-security/2015/02/14/1
www.openwall.com/lists/oss-security/2015/02/14/5
www.securityfocus.com/bid/72605
github.com/kneecht/adminsystems/issues/1
github.com/kneecht/adminsystems/releases/tag/4.0.2