The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
References
Link | Resource |
---|---|
http://marc.info/?l=vuln-dev&m=102511114021370&w=2 | Mailing List Third Party Advisory |
http://marc.info/?l=vuln-dev&m=102520790718208&w=2 | Mailing List Third Party Advisory |
http://online.securityfocus.com/archive/1/280340 | Broken Link Third Party Advisory VDB Entry |
http://www.iss.net/security_center/static/9438.php | Broken Link |
http://www.securityfocus.com/bid/5116 | Broken Link Patch Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
26 Jan 2024, 20:01
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://online.securityfocus.com/archive/1/280340 - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) http://www.iss.net/security_center/static/9438.php - Broken Link | |
References | (VULN-DEV) http://marc.info/?l=vuln-dev&m=102520790718208&w=2 - Mailing List, Third Party Advisory | |
References | (VULN-DEV) http://marc.info/?l=vuln-dev&m=102511114021370&w=2 - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/5116 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
CWE | CWE-434 |
Information
Published : 2002-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-1841
Mitre link : CVE-2002-1841
CVE.ORG link : CVE-2002-1841
JSON object : View
Products Affected
noguska
- nola
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type