CVE-2002-1841

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
References
Link Resource
http://marc.info/?l=vuln-dev&m=102511114021370&w=2 Mailing List Third Party Advisory
http://marc.info/?l=vuln-dev&m=102520790718208&w=2 Mailing List Third Party Advisory
http://online.securityfocus.com/archive/1/280340 Broken Link Third Party Advisory VDB Entry
http://www.iss.net/security_center/static/9438.php Broken Link
http://www.securityfocus.com/bid/5116 Broken Link Patch Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:noguska:nola:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:noguska:nola:1.1.2:*:*:*:*:*:*:*

History

26 Jan 2024, 20:01

Type Values Removed Values Added
References (BUGTRAQ) http://online.securityfocus.com/archive/1/280340 - (BUGTRAQ) http://online.securityfocus.com/archive/1/280340 - Broken Link, Third Party Advisory, VDB Entry
References (XF) http://www.iss.net/security_center/static/9438.php - (XF) http://www.iss.net/security_center/static/9438.php - Broken Link
References (VULN-DEV) http://marc.info/?l=vuln-dev&m=102520790718208&w=2 - (VULN-DEV) http://marc.info/?l=vuln-dev&m=102520790718208&w=2 - Mailing List, Third Party Advisory
References (VULN-DEV) http://marc.info/?l=vuln-dev&m=102511114021370&w=2 - (VULN-DEV) http://marc.info/?l=vuln-dev&m=102511114021370&w=2 - Mailing List, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/5116 - Patch (BID) http://www.securityfocus.com/bid/5116 - Broken Link, Patch, Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-434

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2002-1841

Mitre link : CVE-2002-1841

CVE.ORG link : CVE-2002-1841


JSON object : View

Products Affected

noguska

  • nola
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type