CVE-2002-1841
5
CVSS Score
Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Link copied!
Description
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Affected Software Configurations
- a noguska nola 1.1.1 * * * * * * *
- a noguska nola 1.1.2 * * * * * * *
Weaknesses (CWE)
- CWE-434
References & External Links
- http://marc.info/?l=vuln-dev&m=102511114021370&w=2
- http://marc.info/?l=vuln-dev&m=102520790718208&w=2
- http://online.securityfocus.com/archive/1/280340
- http://www.iss.net/security_center/static/9438.php
- http://www.securityfocus.com/bid/5116
- http://marc.info/?l=vuln-dev&m=102511114021370&w=2
- http://marc.info/?l=vuln-dev&m=102520790718208&w=2
- http://online.securityfocus.com/archive/1/280340
- http://www.iss.net/security_center/static/9438.php
- http://www.securityfocus.com/bid/5116