CVE-2009-2270

MEDIUM(6.8)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Risk Signal Score18/100 — NIEDRIG

CVSS 6.8 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.8

Technische Schwere

Beschreibung

Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.

Referenzen

http://www.securityfocus.com/archive/1/504653/100/0/threaded
http://www.securityfocus.com/archive/1/504653/100/0/threaded