← Back

CVE-2014-2025

nvd nist
Published: Jan 31, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

Affected (2)

Unitedplanet
1 product
Intrexx
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Unitedplanet
Intrexx
Version 5.2
Intrexx
Version 6.0

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.