Vulnerability Details CVE-2013-1668
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.091
EPSS Ranking 92.4%
CVSS Severity
CVSS v2 Score 8.5
References
- http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html
- http://osvdb.org/90927
- http://www.coscms.org/blog/view/4/Version-1.822
- http://www.exploit-db.com/exploits/24629
- http://www.securityfocus.com/bid/58332
- https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c
- https://www.htbridge.com/advisory/HTB23145
- http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html
- http://osvdb.org/90927
- http://www.coscms.org/blog/view/4/Version-1.822
- http://www.exploit-db.com/exploits/24629
- http://www.securityfocus.com/bid/58332
- https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c
- https://www.htbridge.com/advisory/HTB23145