CVE-2011-5004
Published Dec 25, 2011
Last updated 13 years ago
Overview
- Description
- Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34FFE454-F543-4C5E-A0C2-66C3AE55D11C",
"versionEndIncluding": "2.1"
},
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D99E7AAD-7334-42C2-856E-4BE0ABBED097"
},
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CBCDEBA-EC87-4671-B8DF-F2EB38FB1EFB"
},
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2AFD198-6B30-4991-8873-FBE32BBD4E34"
},
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "314C5956-E3AE-469E-AE2B-CDCCF8661870"
},
{
"criteria": "cpe:2.3:a:fabrikar:com_fabrikar:2.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "557F950F-8D8E-4384-8233-A3E3193C065D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]