CVE-2015-4606 : Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache wit

Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.

Published 2015-06-16 16:59:06

Updated 2016-12-07 18:13:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2015-4606

Probability of exploitation activity in the next 30 days: 2.72%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-4606

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2015-4606

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/

Arbitrary Code Execution in extension Job Fair (jobfair)
Vendor Advisory
http://www.securityfocus.com/bid/75238

TYPO3 Job Fair Extension CVE-2015-4606 Arbitrary File Upload Vulnerability
http://typo3.org/extensions/repository/view/jobfair

Job Fair (jobfair)
Patch

Products affected by CVE-2015-4606

Job Fair Project » Job Fair » For Typo3
Versions up to, including, (<=) 1.0.0
cpe:2.3:a:job_fair_project:job_fair:*:*:*:*:*:typo3:*:*
Matching versions

Vulnerability Details : CVE-2015-4606

Exploit prediction scoring system (EPSS) score for CVE-2015-4606

CVSS scores for CVE-2015-4606

References for CVE-2015-4606

Products affected by CVE-2015-4606