CVE-2015-1587

Published: 19/02/2015 Updated: 21/02/2015

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and previous versions and GEC/GED 1.4 and previous versions allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
maarch letterbox
maarch gec/ged

/****************************************************** # Exploit Title: Maarch 14 Arbitrary file upload # Google Dork: intext:"Maarch Maerys Archive v21 logo" # Date: 29/10/2014 # Exploit Author: Adrien Thierry # Exploit Advisory: asylumseraumcom/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilitieshtml # Vendor Homepage: maarc ...

NVD-CWE-Other http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.html http://www.exploit-db.com/exploits/35113 http://osvdb.org/show/osvdb/113928 http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html https://nvd.nist.gov https://www.exploit-db.com/exploits/35113/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1587

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect