CVE-2018-15601

Published: Aug 21, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.

Affected (1)

Products: Elefantcms: Elefantcms

Elefantcms

1 product

Elefantcms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elefantcms Elefantcms	Version 2.0.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.