Malicious File Upload Vulnerability in WonderCMS - WonderCMS 2.3.1
CVE-2017-14521

8.8HIGH

Key Information:

Vendor: Wondercms
Status: Wondercms
Vendor: CVE Published:; 26 January 2018

What is CVE-2017-14521?

A vulnerability in WonderCMS version 2.3.1 allows for unauthorized application uploads through its upload functionality. This weakness enables attackers to upload files with random application extensions, potentially leading to the execution of malicious payloads. This flaw emphasizes the importance of validating file types and securing upload mechanisms in web applications to prevent exploitation.

References

https://securitywarrior9.blogspot.in/2018/01/vulnerabilit...

x_refsource_MISC

https://www.exploit-db.com/exploits/43963/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2018
Vulnerability Reserved
Sep 17, 2017

Wondercms

What is CVE-2017-14521?

References

CVSS V3.1

Timeline