Vulnerability Description
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
CVSS Score
9.9
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thomsonreuters | Fatca | < 5.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-FileThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Aug/25Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/536163/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/76271Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2015/Aug/32Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-FileThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Aug/25Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/536163/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/76271Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2015/Aug/32Mailing ListThird Party Advisory
FAQ
What is CVE-2015-5951?
CVE-2015-5951 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
How severe is CVE-2015-5951?
CVE-2015-5951 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-5951?
Check the references section above for vendor advisories and patch information. Affected products include: Thomsonreuters Fatca.