IQID:15336 HTTP October CMS 1.0.412 - PHP Asset Save Path Modification S

IQID:15336 HTTP October CMS 1.0.412 - PHP Asset Save Path Modification S

IQID: 15336 - June 2017

Authenticated user, with permission to manage website assets, can modify the path the file is saved to. This allows an attacker to save css, js, less, sass, scss files at different locations. Attacker can possibly use it to execute JavaScript on the site, if the application tries to require an file on the server that does not exist or the attacker manages to delete the file beforehand. When an attacker creates a new asset, then the following request is made.

A Full Description is available for this threat, please sign in for access to Full Description.

Attack Data

Attack Data is available for this threat, please sign in for access to Attack Data.

CVSS Information

CVSS Information is available for this threat, please sign in for access to CVSS Information.

Date

Date Information is available for this threat, please sign in for access to Date Information.

Security Rule

A security rule is available to identify this threat, please sign in for access to security rules.

Permalink

Link directly to this page.

http://www.idappcom.com/db/?15336

© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.