CVE-2002-1841

NOLA 1.1.1-1.1.2 - Unrestricted Upload of Dangerous File Types

Title source: llm
STIX 2.1

Description

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.

References (5)

Core 5
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102511114021370&w=2
Mailing List, Third Party Advisory mailing-list x_refsource_vuln-dev
http://marc.info/?l=vuln-dev&m=102520790718208&w=2
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/280340
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9438.php
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5116

Scores

EPSS 0.0216
EPSS Percentile 79.9%

Details

CWE
CWE-434
Status published
Products (2)
noguska/nola 1.1.1
noguska/nola 1.1.2
Published Dec 31, 2002
Tracked Since Feb 18, 2026