Vulnerability CVE-2017-15876

Vulnerability CVE-2017-15876

Published: 2017-12-18 Modified: 2017-12-19

Description:

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9/10	10/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Sistemagpweb -> Gpweb

References:

https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel

Vulnerability CVE-2017-15876

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.

CWE-434

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

9/10

10/10

8/10

Remote

Low

Single time

Complete

Complete

Complete

Affected software

References: