CNNVD-202508-774 Information

CNNVD ID

CNNVD-202508-774

Related CVE

CVE-2012-10036

• CNNVD Published: 2025-08-08

Description (Chinese)

ProjectPier是ProjectPier开源的一个团队管理系统。 ProjectPier 0.8.8及之前版本存在安全漏洞，该漏洞源于tools/upload_file.php未验证文件类型或身份验证，可能导致任意文件上传和远程代码执行。

Description (English)

ProjectPier is a team management system for the open source of ProjectPier. Project Pierre 0.8.8 and previous versions contained a security loophole, which originated from the failure to verify the type or authentication of the document at the tools/upload file.php, which could result in the uploading of any document and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ProjectPier

Published

2025-08-08

Last Modified

2026-02-24

References

https://packetstorm.news/files/id/117070 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/projectpier_upload_exec.rb http://www.projectpier.org/ https://web.archive.org/web/20120111090432/ https://www.exploit-db.com/exploits/21929 https://www.opensourcecms.com/projectpier/ https://www.vulncheck.com/advisories/project-pier-arbitrary-file-upload-rce https://access.redhat.com/security/cve/cve-2012-10036