Vulnerability Details : CVE-2011-0678
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
Vulnerability category: Execute code
Products affected by CVE-2011-0678
- cpe:2.3:a:lomtec:activeweb:3.0:*:professional:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0678
28.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0678
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2011-0678
-
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-002.html
Play Skull Duggery Pokies to Win Prizes and Real Cash TooExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65013
Lomtec ActiveWeb Professional EasyEdit.cfm file upload CVE-2011-0678 Vulnerability Report
-
http://www.securityfocus.com/bid/45985
ActiveWeb Professional Arbitrary File Upload VulnerabilityExploit
-
http://www.vupen.com/english/advisories/2011/0217
Webmail | OVH- OVH
-
http://www.kb.cert.org/vuls/id/528212
VU#528212 - Lomtec ActiveWeb Professional 3.0 CMS allows arbitrary file upload and executionUS Government Resource
Jump to