CVE-2017-5520

MEDIUM(6.5)

AV:N/AC:L/Au:S/C:P/I:P/A:P

Risk Signal Score16/100 — NIEDRIG

CVSS 6.5 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.

Referenzen

http://www.securityfocus.com/bid/95460
https://github.com/semplon/GeniXCMS/issues/62
http://www.securityfocus.com/bid/95460
https://github.com/semplon/GeniXCMS/issues/62