CVE-2014-2088

Severity

65%

Complexity

80%

Confidentiality

106%

Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.

Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-03-02 17:55:00

Last updated 10 years ago

2014-03-03 17:24:00

Affected Software

ILIAS 4.4.1

4.4.1

References

http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.