A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2015/Aug/25 | Mailing List Third Party Advisory |
http://www.securityfocus.com/archive/1/536163/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/76271 | Third Party Advisory VDB Entry |
https://seclists.org/bugtraq/2015/Aug/32 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-06T20:32:12
Updated: 2020-01-06T20:32:12
Reserved: 2015-08-06T00:00:00
Link: CVE-2015-5951
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-06T21:15:11.223
Modified: 2020-01-10T19:23:20.817
Link: CVE-2015-5951
JSON object: View
Redhat Information
No data.
CWE