Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-03-02T17:00:00
Updated: 2014-03-02T16:57:02
Reserved: 2014-02-24T00:00:00
Link: CVE-2014-2088
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-03-02T17:55:02.940
Modified: 2014-03-03T17:24:30.533
Link: CVE-2014-2088
JSON object: View
Redhat Information
No data.
CWE