Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/665280 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/91765 |
Configurations
Information
Published : 2016-07-15 11:59
Updated : 2016-11-28 12:28
NVD link : CVE-2016-5661
Mitre link : CVE-2016-5661
JSON object : View
CWE
CWE-284
Improper Access Control
Products Affected
accela
- civic_platform_citizen_access_portal