CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5074

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.129

EPSS Ranking 93.8%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2015-5074

X2engine » X2crm » Version: 1.0

cpe:2.3:a:x2engine:x2crm:1.0
X2engine » X2crm » Version: 1.0.1

cpe:2.3:a:x2engine:x2crm:1.0.1
X2engine » X2crm » Version: 1.1.0

cpe:2.3:a:x2engine:x2crm:1.1.0
X2engine » X2crm » Version: 1.2.0

cpe:2.3:a:x2engine:x2crm:1.2.0
X2engine » X2crm » Version: 1.2.1

cpe:2.3:a:x2engine:x2crm:1.2.1
X2engine » X2crm » Version: 1.2.2

cpe:2.3:a:x2engine:x2crm:1.2.2
X2engine » X2crm » Version: 1.3

cpe:2.3:a:x2engine:x2crm:1.3
X2engine » X2crm » Version: 1.3.1

cpe:2.3:a:x2engine:x2crm:1.3.1
X2engine » X2crm » Version: 2.2

cpe:2.3:a:x2engine:x2crm:2.2
X2engine » X2crm » Version: 2.2.1

cpe:2.3:a:x2engine:x2crm:2.2.1
X2engine » X2crm » Version: 2.5

cpe:2.3:a:x2engine:x2crm:2.5
X2engine » X2crm » Version: 2.5.2

cpe:2.3:a:x2engine:x2crm:2.5.2
X2engine » X2crm » Version: 2.7

cpe:2.3:a:x2engine:x2crm:2.7
X2engine » X2crm » Version: 2.7.1

cpe:2.3:a:x2engine:x2crm:2.7.1
X2engine » X2crm » Version: 2.7.2

cpe:2.3:a:x2engine:x2crm:2.7.2
X2engine » X2crm » Version: 2.8

cpe:2.3:a:x2engine:x2crm:2.8
X2engine » X2crm » Version: 2.8.1

cpe:2.3:a:x2engine:x2crm:2.8.1
X2engine » X2crm » Version: 2.9

cpe:2.3:a:x2engine:x2crm:2.9
X2engine » X2crm » Version: 2.9.1

cpe:2.3:a:x2engine:x2crm:2.9.1
X2engine » X2crm » Version: 3.0

cpe:2.3:a:x2engine:x2crm:3.0
X2engine » X2crm » Version: 3.0.1

cpe:2.3:a:x2engine:x2crm:3.0.1
X2engine » X2crm » Version: 3.0.2

cpe:2.3:a:x2engine:x2crm:3.0.2
X2engine » X2crm » Version: 3.1

cpe:2.3:a:x2engine:x2crm:3.1
X2engine » X2crm » Version: 3.1.1

cpe:2.3:a:x2engine:x2crm:3.1.1
X2engine » X2crm » Version: 3.1.2

cpe:2.3:a:x2engine:x2crm:3.1.2
X2engine » X2crm » Version: 3.2

cpe:2.3:a:x2engine:x2crm:3.2
X2engine » X2crm » Version: 3.3

cpe:2.3:a:x2engine:x2crm:3.3
X2engine » X2crm » Version: 3.3.1

cpe:2.3:a:x2engine:x2crm:3.3.1
X2engine » X2crm » Version: 3.3.2

cpe:2.3:a:x2engine:x2crm:3.3.2
X2engine » X2crm » Version: 3.4

cpe:2.3:a:x2engine:x2crm:3.4
X2engine » X2crm » Version: 3.4.1

cpe:2.3:a:x2engine:x2crm:3.4.1
X2engine » X2crm » Version: 3.5

cpe:2.3:a:x2engine:x2crm:3.5
X2engine » X2crm » Version: 3.5.1

cpe:2.3:a:x2engine:x2crm:3.5.1
X2engine » X2crm » Version: 3.5.2

cpe:2.3:a:x2engine:x2crm:3.5.2
X2engine » X2crm » Version: 3.5.5

cpe:2.3:a:x2engine:x2crm:3.5.5
X2engine » X2crm » Version: 3.5.6

cpe:2.3:a:x2engine:x2crm:3.5.6
X2engine » X2crm » Version: 3.6

cpe:2.3:a:x2engine:x2crm:3.6
X2engine » X2crm » Version: 3.6.1

cpe:2.3:a:x2engine:x2crm:3.6.1
X2engine » X2crm » Version: 3.6.2

cpe:2.3:a:x2engine:x2crm:3.6.2
X2engine » X2crm » Version: 3.6.3

cpe:2.3:a:x2engine:x2crm:3.6.3
X2engine » X2crm » Version: 3.7

cpe:2.3:a:x2engine:x2crm:3.7
X2engine » X2crm » Version: 3.7.1

cpe:2.3:a:x2engine:x2crm:3.7.1
X2engine » X2crm » Version: 3.7.2

cpe:2.3:a:x2engine:x2crm:3.7.2
X2engine » X2crm » Version: 3.7.3

cpe:2.3:a:x2engine:x2crm:3.7.3
X2engine » X2crm » Version: 3.7.3b

cpe:2.3:a:x2engine:x2crm:3.7.3b
X2engine » X2crm » Version: 3.7.4

cpe:2.3:a:x2engine:x2crm:3.7.4
X2engine » X2crm » Version: 3.7.5

cpe:2.3:a:x2engine:x2crm:3.7.5
X2engine » X2crm » Version: 4.0

cpe:2.3:a:x2engine:x2crm:4.0
X2engine » X2crm » Version: 4.0.1

cpe:2.3:a:x2engine:x2crm:4.0.1
X2engine » X2crm » Version: 4.0.2

cpe:2.3:a:x2engine:x2crm:4.0.2
X2engine » X2crm » Version: 4.1

cpe:2.3:a:x2engine:x2crm:4.1
X2engine » X2crm » Version: 4.1.1

cpe:2.3:a:x2engine:x2crm:4.1.1
X2engine » X2crm » Version: 4.1.2

cpe:2.3:a:x2engine:x2crm:4.1.2
X2engine » X2crm » Version: 4.1.2b

cpe:2.3:a:x2engine:x2crm:4.1.2b
X2engine » X2crm » Version: 4.1.3

cpe:2.3:a:x2engine:x2crm:4.1.3
X2engine » X2crm » Version: 4.1.4

cpe:2.3:a:x2engine:x2crm:4.1.4
X2engine » X2crm » Version: 4.1.4b

cpe:2.3:a:x2engine:x2crm:4.1.4b
X2engine » X2crm » Version: 4.1.5

cpe:2.3:a:x2engine:x2crm:4.1.5
X2engine » X2crm » Version: 4.1.6

cpe:2.3:a:x2engine:x2crm:4.1.6
X2engine » X2crm » Version: 4.1.6b

cpe:2.3:a:x2engine:x2crm:4.1.6b
X2engine » X2crm » Version: 4.1.6b2

cpe:2.3:a:x2engine:x2crm:4.1.6b2
X2engine » X2crm » Version: 4.1.7

cpe:2.3:a:x2engine:x2crm:4.1.7
X2engine » X2crm » Version: 4.2

cpe:2.3:a:x2engine:x2crm:4.2
X2engine » X2crm » Version: 4.2.1

cpe:2.3:a:x2engine:x2crm:4.2.1
X2engine » X2crm » Version: 4.2b

cpe:2.3:a:x2engine:x2crm:4.2b
X2engine » X2crm » Version: 4.3

cpe:2.3:a:x2engine:x2crm:4.3
X2engine » X2crm » Version: 4.3b

cpe:2.3:a:x2engine:x2crm:4.3b
X2engine » X2crm » Version: 5.0

cpe:2.3:a:x2engine:x2crm:5.0
X2engine » X2crm » Version: 5.0.1

cpe:2.3:a:x2engine:x2crm:5.0.1
X2engine » X2crm » Version: 5.0.2

cpe:2.3:a:x2engine:x2crm:5.0.2
X2engine » X2crm » Version: 5.0.3

cpe:2.3:a:x2engine:x2crm:5.0.3
X2engine » X2crm » Version: 5.0.3b

cpe:2.3:a:x2engine:x2crm:5.0.3b
X2engine » X2crm » Version: 5.0.4

cpe:2.3:a:x2engine:x2crm:5.0.4
X2engine » X2crm » Version: 5.0.5

cpe:2.3:a:x2engine:x2crm:5.0.5
X2engine » X2crm » Version: 5.0.5b

cpe:2.3:a:x2engine:x2crm:5.0.5b
X2engine » X2crm » Version: 5.0.6

cpe:2.3:a:x2engine:x2crm:5.0.6
X2engine » X2crm » Version: 5.0.7

cpe:2.3:a:x2engine:x2crm:5.0.7
X2engine » X2crm » Version: 5.0.8

cpe:2.3:a:x2engine:x2crm:5.0.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5074

Products

Pricing

Contact Us