Lucene search
K

4 matches found

NVD
NVD
added 2017/07/28 5:29 a.m.22 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.8CVSS9.5AI score0.01492EPSS
Exploits1References1
OSV
OSV
added 2017/07/28 5:29 a.m.5 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.8CVSS6.1AI score0.01492EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/07/28 5:0 a.m.22 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.5AI score0.01492EPSS
Exploits1References1
CVE
CVE
added 2017/07/28 5:0 a.m.53 views

CVE-2017-11715

MetInfo ≤ 5.3.17 is vulnerable due to blocking only the .php extension in job/uploadfile_save.php, while not blocking related extensions. An authenticated admin could upload a .phtml file after certain actions (involving admin/system/safe.php and job/cv.php) to execute arbitrary PHP code remotely...

9.8CVSS9.3AI score0.01492EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder