ID CVE-2018-10760
Summary Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
packetstorm via4
data source https://packetstormsecurity.com/files/download/147603/projectpier088-sqlbypass.txt
id PACKETSTORM:147603
last seen 2018-05-15
published 2018-05-14
reporter Imre Rad
source https://packetstormsecurity.com/files/147603/ProjectPier-0.8.8-SQL-Injection-Authentication-Bypass-RFI.html
title ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI
refmap via4
fulldisc 20180513 CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities
Last major update 16-05-2018 - 10:29
Published 16-05-2018 - 10:29
Last modified 16-05-2018 - 10:29
Back to Top