Lucene search

[email protected]CVE-2017-14704

HistorySep 26, 2017 - 2:29 p.m.

CVE-2017-14704

2017-09-2614:29:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2017-14704

unrestricted file upload

laravel

airbnb clone

security vulnerability

remote code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.

Affected configurations

NVD

Node

claydipairbnb_cloneMatch1.0

CPENameOperatorVersion
claydip:airbnb_cloneclaydip airbnb cloneeq1.0

CPE	Name	Operator	Version
claydip:airbnb_clone	claydip airbnb clone	eq	1.0

References

www.exploit-db.com/exploits/42773/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2017-14704

zdt1 packetstorm1 exploitpack1 prion1 cvelist1 nvd1 exploitdb1