Unrestricted file upload

2014-06-1314:55:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.049 Low

EPSS

Percentile

92.8%

JSON

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

CPENameOperatorVersion
sharetronixle3.1.1
sharetronixeq3.1.1.3

CPE	Name	Operator	Version
	sharetronix	le	3.1.1
	sharetronix	eq	3.1.1.3

References

osvdb.org/100604

secunia.com/advisories/53936

secunia.com/secunia_research/2013-9/

www.securityfocus.com/bid/64102

exchange.xforce.ibmcloud.com/vulnerabilities/89502