← Back

CVE-2010-1514

nvd nist
Published: Jun 15, 2010Modified: Apr 29, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.

Affected (9)

Products: Tomatocms: Tomatocms
Tomatocms
1 product
Tomatocms
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Tomatocms
Tomatocms
Up to 2.0.6
Tomatocms
Version 2.0.0
Tomatocms
Version 2.0.1
Tomatocms
Version 2.0.2
Tomatocms
Version 2.0.3.1430
Tomatocms
Version 2.0.3.1622
Tomatocms
Version 2.0.3
Tomatocms
Version 2.0.4
Tomatocms
Version 2.0.5

References (8)

Source: PSIRT-CNA@flexerasoftware.com
Source: PSIRT-CNA@flexerasoftware.com
Vendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
Vendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.