CVE-2014-8997

HIGH(7.5)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Risk Signal Score21/100 — NIEDRIG

CVSS 7.5 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.5

Technische Schwere

Beschreibung

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.

Referenzen

http://packetstormsecurity.com/files/129108/Digi-Online-Examination-System-2.0-S...
http://www.exploit-db.com/exploits/35223
https://exchange.xforce.ibmcloud.com/vulnerabilities/98662
http://packetstormsecurity.com/files/129108/Digi-Online-Examination-System-2.0-S...
http://www.exploit-db.com/exploits/35223
https://exchange.xforce.ibmcloud.com/vulnerabilities/98662