CVE-2012-1153

Published Oct 6, 2012

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apprain:apprain:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77FDEB95-2B69-4DFF-B717-2D4A2FCB2F7B",
            "versionEndIncluding": "0.1.5"
          },
          {
            "criteria": "cpe:2.3:a:apprain:apprain:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEB240D3-D896-4B67-B48B-05805AF9DA82"
          },
          {
            "criteria": "cpe:2.3:a:apprain:apprain:0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7256F381-C007-404C-8A74-37AFD2F70D07"
          },
          {
            "criteria": "cpe:2.3:a:apprain:apprain:0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EB4E002-52A5-480F-82CC-845EA90F96E0"
          },
          {
            "criteria": "cpe:2.3:a:apprain:apprain:0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A8BDF90-06D3-43B7-BDC0-1DB38577B768"
          },
          {
            "criteria": "cpe:2.3:a:apprain:apprain:0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0C4D3E9-A92B-4ED9-84AF-43781AF623FA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References