CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-11715

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 6.5

References

https://lncken.cn/?p=316
https://lncken.cn/?p=316

Products affected by CVE-2017-11715

Metinfo Project » Metinfo » Version: Any

cpe:2.3:a:metinfo_project:metinfo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11715

Products

Pricing

Contact Us