ID CVE-2010-0757
Summary Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/. Per: http://cwe.mitre.org/data/definitions/434.html CWE-434: Unrestricted Upload of File with Dangerous Type
References
Vulnerable Configurations
  • cpe:2.3:a:wikyblog:wikyblog:1.7.3:rc2:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 38386
exploit-db 11560
misc http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
osvdb 62648
xf wikyblog-index-file-upload(56517)
Last major update 17-08-2017 - 01:32
Published 27-02-2010 - 00:30
Last modified 17-08-2017 - 01:32