CVE-2010-1514
Published Jun 15, 2010
Last updated 14 years ago
Overview
- Description
- Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A3B2955-342C-49B4-915D-EDBDB966C62F",
"versionEndIncluding": "2.0.6"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C22F58CF-182C-459F-9935-B3A729413160"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E018B4F5-A3A6-4D0F-BD89-59743A38BEF3"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB0D9BD7-3C4A-478D-B378-E7E7E8014C3A"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EDC1737-FD83-40FF-A3AB-D4FFF524B8C3"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.3.1430:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFA24A70-6715-48EF-9D3E-51EFC3DD8CDC"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.3.1622:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C8D5050-CC12-423C-A1A0-8410B2818D24"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53B3A38E-B871-4A1A-A52C-FF42222302CD"
},
{
"criteria": "cpe:2.3:a:tomatocms:tomatocms:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58E5EFB3-4FA4-46AE-A948-7606DD7DDE44"
}
],
"operator": "OR"
}
]
}
]