Vulnerability Details CVE-2015-2780
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.319
EPSS Ranking 96.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2015-2780
-
cpe:2.3:a:berta:berta_cms:0.7.3b
-
cpe:2.3:a:berta:berta_cms:0.7.4b
-
cpe:2.3:a:berta:berta_cms:0.8.0b
-
cpe:2.3:a:berta:berta_cms:0.8.1b
-
cpe:2.3:a:berta:berta_cms:0.8.2b
-
cpe:2.3:a:berta:berta_cms:0.8.3b
-
cpe:2.3:a:berta:berta_cms:0.8.4b
-
cpe:2.3:a:berta:berta_cms:0.8.5a
-
cpe:2.3:a:berta:berta_cms:0.8.5b
-
cpe:2.3:a:berta:berta_cms:0.8.6a
-
cpe:2.3:a:berta:berta_cms:0.8.6b
-
cpe:2.3:a:berta:berta_cms:0.8.7a
-
cpe:2.3:a:berta:berta_cms:0.8.7b
-
cpe:2.3:a:berta:berta_cms:0.8.8b
-
cpe:2.3:a:berta:berta_cms:0.8.9b