1 results (0.013 seconds)

CVSS: 6.8EPSS: 2%CPEs: 8EXPL: 2

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. Vulnerabilidad de envío de archivo no restringido en image_upload.php en el componente SimpleBoard (com_simpleboard) v1.0.1 y anteriores para Mambo permite a atacantes remotos ejecutar código de su elección mediante la subida de un fichero con extensión ejecutable y un contenido de tipo image/jpeg, para posteriormente acceder al fichero mediante una petición directa en components/com_simpleboard/, una vulnerabilidad diferente a CVE-2006-3528. • https://www.exploit-db.com/exploits/6868 http://www.securityfocus.com/bid/31981 https://exchange.xforce.ibmcloud.com/vulnerabilities/46223 • CWE-20: Improper Input Validation •