CVE-2015-5951 Information

Description

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2 which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html http://seclists.org/fulldisclosure/2015/Aug/25 http://www.securityfocus.com/archive/1/536163/100/0/threaded http://www.securityfocus.com/bid/76271 https://seclists.org/bugtraq/2015/Aug/32

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.9