Vulnerability Description
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Noguska | Nola | 1.1.1 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=vuln-dev&m=102511114021370&w=2Mailing ListThird Party Advisory
- http://marc.info/?l=vuln-dev&m=102520790718208&w=2Mailing ListThird Party Advisory
- http://online.securityfocus.com/archive/1/280340Broken LinkThird Party AdvisoryVDB Entry
- http://www.iss.net/security_center/static/9438.phpBroken Link
- http://www.securityfocus.com/bid/5116Broken LinkPatchThird Party Advisory
- http://marc.info/?l=vuln-dev&m=102511114021370&w=2Mailing ListThird Party Advisory
- http://marc.info/?l=vuln-dev&m=102520790718208&w=2Mailing ListThird Party Advisory
- http://online.securityfocus.com/archive/1/280340Broken LinkThird Party AdvisoryVDB Entry
- http://www.iss.net/security_center/static/9438.phpBroken Link
- http://www.securityfocus.com/bid/5116Broken LinkPatchThird Party Advisory
FAQ
What is CVE-2002-1841?
CVE-2002-1841 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions s...
How severe is CVE-2002-1841?
CVE-2002-1841 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1841?
Check the references section above for vendor advisories and patch information. Affected products include: Noguska Nola.