CVE-2011-5004
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
Vulnerabilidad de subida no restringida de ficheros en models/importcsv.php en el componente Fabrik (com_fabrik) anterior a v2.1.1 para Joomla! permite a atacantes remotos con privilegios Manager ejecutar código de su elección al subir un fichero con una extensión ejecutable, accediendo posteriormente mediante una petición directa del fichero en un directorio no especificado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-24 CVE Reserved
- 2011-12-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.ohloh.net/p/3417/commits/145749116 | X_refsource_confirm | |
| http://www.osvdb.org/77371 | Vdb Entry | |
| http://www.securityfocus.com/bid/50823 | Vdb Entry | |
| http://www.vulnerability-lab.com/get_content.php?id=342 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/47036 | 2012-02-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | <= 2.1 Search vendor "Fabrikar" for product "Com Fabrikar" and version " <= 2.1" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | 1.0.1 Search vendor "Fabrikar" for product "Com Fabrikar" and version "1.0.1" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | 1.0.6 Search vendor "Fabrikar" for product "Com Fabrikar" and version "1.0.6" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | 2.0.2 Search vendor "Fabrikar" for product "Com Fabrikar" and version "2.0.2" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | 2.0.4 Search vendor "Fabrikar" for product "Com Fabrikar" and version "2.0.4" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|
| Fabrikar Search vendor "Fabrikar" | Com Fabrikar Search vendor "Fabrikar" for product "Com Fabrikar" | 2.0.5 Search vendor "Fabrikar" for product "Com Fabrikar" and version "2.0.5" | - |
Affected
| in | Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | * | - |
Safe
|