CVE-2016-5661

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.
References
Link Resource
http://www.kb.cert.org/vuls/id/JLAD-ABMPVA Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/665280 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/91765
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:accela:civic_platform_citizen_access_portal:-:*:*:*:*:*:*:*

Information

Published : 2016-07-15 11:59

Updated : 2016-11-28 12:28


NVD link : CVE-2016-5661

Mitre link : CVE-2016-5661


JSON object : View

CWE
CWE-284

Improper Access Control

Advertisement

dedicated server usa

Products Affected

accela

  • civic_platform_citizen_access_portal