CVE-2018-15601 Information

Description

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the \Cannot upload executable files\ protection mechanism.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05 apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the \Cannot upload executable files
protection mechanism.

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8