CVE-2002-1841

Noguska Nola - Unrestricted File Upload

Title source: rule

Description

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.

References (5)

[Mailing List, Third Party Advisory] http://marc.info/?l=vuln-dev&m=102511114021370&w=2

[Mailing List, Third Party Advisory] http://marc.info/?l=vuln-dev&m=102520790718208&w=2

[Broken Link, Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/280340

[Broken Link] http://www.iss.net/security_center/static/9438.php

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5116

Scores

EPSS 0.0072

EPSS Percentile 72.2%

Classification

CWE

CWE-434

Status draft

Affected Products (2)

noguska/nola

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026