Vulnerability CVE-2011-2933

Vulnerability CVE-2011-2933

Published: 2020-01-14 Modified: 2020-01-15

Description:

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Websitebaker -> Websitebaker

References:

https://www.openwall.com/lists/oss-security/2011/08/19/12

Copyright 2024, cxsecurity.com