Vulnerability Details CVE-2014-9619
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 90.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2014-9619
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.1
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.10
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.11
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.12
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.13
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.14
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.15
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.16
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.2
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.4
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.5
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.6
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.7
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.8
-
cpe:2.3:a:netsweeper:netsweeper:2.6.29.9
-
cpe:2.3:a:netsweeper:netsweeper:3.0.0
-
cpe:2.3:a:netsweeper:netsweeper:3.0.1
-
cpe:2.3:a:netsweeper:netsweeper:3.0.2
-
cpe:2.3:a:netsweeper:netsweeper:3.0.3
-
cpe:2.3:a:netsweeper:netsweeper:3.0.4
-
cpe:2.3:a:netsweeper:netsweeper:3.0.5
-
cpe:2.3:a:netsweeper:netsweeper:3.0.6
-
cpe:2.3:a:netsweeper:netsweeper:3.0.7
-
cpe:2.3:a:netsweeper:netsweeper:3.0.8
-
cpe:2.3:a:netsweeper:netsweeper:3.0.9
-
cpe:2.3:a:netsweeper:netsweeper:3.1.0
-
cpe:2.3:a:netsweeper:netsweeper:3.1.1
-
cpe:2.3:a:netsweeper:netsweeper:3.1.2
-
cpe:2.3:a:netsweeper:netsweeper:3.1.3
-
cpe:2.3:a:netsweeper:netsweeper:3.1.4
-
cpe:2.3:a:netsweeper:netsweeper:3.1.5
-
cpe:2.3:a:netsweeper:netsweeper:3.1.6
-
cpe:2.3:a:netsweeper:netsweeper:3.1.7
-
cpe:2.3:a:netsweeper:netsweeper:3.1.8
-
cpe:2.3:a:netsweeper:netsweeper:3.1.9
-
cpe:2.3:a:netsweeper:netsweeper:4.0.0
-
cpe:2.3:a:netsweeper:netsweeper:4.0.1
-
cpe:2.3:a:netsweeper:netsweeper:4.0.2
-
cpe:2.3:a:netsweeper:netsweeper:4.0.3
-
cpe:2.3:a:netsweeper:netsweeper:4.0.4
-
cpe:2.3:a:netsweeper:netsweeper:4.0.5
-
cpe:2.3:a:netsweeper:netsweeper:4.0.6
-
cpe:2.3:a:netsweeper:netsweeper:4.0.7
-
cpe:2.3:a:netsweeper:netsweeper:4.0.8
-
cpe:2.3:a:netsweeper:netsweeper:4.1.0
-
cpe:2.3:a:netsweeper:netsweeper:4.1.1