NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02 | Mitigation Third Party Advisory US Government Resource |
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02 | Mitigation Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02 - Mitigation, Third Party Advisory, US Government Resource |
Information
Published : 2018-11-27 20:29
Updated : 2024-11-21 03:55
NVD link : CVE-2018-17936
Mitre link : CVE-2018-17936
CVE.ORG link : CVE-2018-17936
JSON object : View
Products Affected
nuuo
- nuuo_cms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type