CVE-2015-5951

Published: Jan 6, 2020Modified: Nov 21, 2024

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

Affected (1)

Products: Thomsonreuters: Fatca

Thomsonreuters

1 product

Fatca

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thomsonreuters Fatca	Before 5.2

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (10)

http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/Aug/25

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/536163/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/76271

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://seclists.org/bugtraq/2015/Aug/32

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html