Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive prior to 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
livetecs timeline 6.2.71 |
||
livetecs timeline 6.2.7 |
||
livetecs timeline 4.3.1 |
||
livetecs timeline 4.2.1 |
||
livetecs timeline 3.0.5 |
||
livetecs timeline 3.0.3 |
||
livetecs timeline 6.2.3 |
||
livetecs timeline 6.2.1 |
||
livetecs timeline 3.6.1 |
||
livetecs timeline 3.5.1 |
||
livetecs timeline 2.91 |
||
livetecs timeline 2.81 |
||
livetecs timeline 6.2.6 |
||
livetecs timeline 6.2.4 |
||
livetecs timeline 3.8.1 |
||
livetecs timeline 3.7.1 |
||
livetecs timeline 3.0.1 |
||
livetecs timeline 2.94 |
||
livetecs timeline |
||
livetecs timeline 6.0.1 |
||
livetecs timeline 5.2.1 |
||
livetecs timeline 4.9.1 |
||
livetecs timeline 3.2.1 |
||
livetecs timeline 3.1.1 |