CVE-2015-6568

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:wolfcms:wolf_cms:*:*:*:*:*:*:*:*

Information

Published : 2017-04-14 09:59

Updated : 2017-09-16 18:29


NVD link : CVE-2015-6568

Mitre link : CVE-2015-6568


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

wolfcms

  • wolf_cms