
We found results for “”
WS-2013-0011
Good to know:

Date: October 25, 2013
Code Execution attack in Uploadify 3.2.1 via file uploading. There are two methods of code execution: by using of symbol ";" (1.asp;.jpg) in file name (IIS) and by double extension (1.php.jpg) (Apache with special configuration).
Language: PHP
Severity Score
Severity Score
Top Fix

Upgrade Version
Upgrade to version nails/module-asset - dev-dependabot/npm_and_yarn/loader-utils-1.4.2;kitpages/file-bundle - v3.0.5;Inovout.Web.Mvc-KuaJing - no_fix;ajaxboy/cjax - no_fix;MVCEasyUIDemo - no_fix;dl/yag - v4.0.0;smart-core/felib-bundle - no_fix;NoteWo.Front - no_fix;gerardtoko/assetlib-bundle - no_fix;iionly/tidypics - 1.9.1beta14
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |