Vulnerability Description
Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tomatocms | Tomatocms | <= 2.0.6 |
References
- http://holisticinfosec.org/content/view/148/45/
- http://secunia.com/advisories/39680Vendor Advisory
- http://secunia.com/secunia_research/2010-57/Vendor Advisory
- http://www.securityfocus.com/bid/40544
- http://holisticinfosec.org/content/view/148/45/
- http://secunia.com/advisories/39680Vendor Advisory
- http://secunia.com/secunia_research/2010-57/Vendor Advisory
- http://www.securityfocus.com/bid/40544
FAQ
What is CVE-2010-1514?
CVE-2010-1514 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then acc...
How severe is CVE-2010-1514?
CVE-2010-1514 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1514?
Check the references section above for vendor advisories and patch information. Affected products include: Tomatocms Tomatocms.