Vulnerability CVE-2014-2025

Vulnerability CVE-2014-2025

Published: 2020-01-31 Modified: 2020-02-01

Description:

Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Intrexx Professional 6.0 / 5.2 Remote Code Execution	Christian Schnei...	16.12.2014

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

References:

http://www.christian-schneider.net/advisories/CVE-2014-2025.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/99568

https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31

Vulnerability CVE-2014-2025

See advisories in our WLB2 database:

High

Intrexx Professional 6.0 / 5.2 Remote Code Execution

CWE-434

References: