NVD

Id
33010  
Name
CVE-2014-5298  
Description
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2014-10-09  
Modified Date
2014-10-10  
Seq
2014-5298  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173253 33010 CVE-2014-5298 http://karmainsecurity.com/KIS-2014-10  View
173254 33010 CVE-2014-5298 http://packetstormsecurity.com/files/128353/X2Engine-4.1.7-Unrestricted-File-Upload.html  View
173255 33010 CVE-2014-5298 20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability  View
173256 33010 CVE-2014-5298 20140923 [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability  View
173257 33010 CVE-2014-5298 https://github.com/X2Engine/X2Engine/blob/master/CHANGELOG.md  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
15777 JVNDB-2014-004652 X2Engine の FileUploadsFilter.php におけるアップロードブラックリストを回避される脆弱性 X2Engine の FileUploadsFilter.php は、大文字と小文字を区別しないファイルシステム上で稼動する場合、アップロードブラックリスト (upload blacklist) を回避され、無制限にファイルアップロード攻撃を実行される脆弱性が存在します。 CVE-2014-5298 72587 CVE-2014-5298 33010 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004652.html 2014-08-05 2014-10-14 View