Description
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102511114021370&w=2
Mailing List, Third Party Advisory mailing-list
x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102520790718208&w=2
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/280340
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9438.php
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5116
Scores
EPSS
0.0072
EPSS Percentile
72.6%
Details
CWE
CWE-434
Status
published
Products (2)
noguska/nola
1.1.1
noguska/nola
1.1.2
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026