Description
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://www.christian-schneider.net/advisories/CVE-2014-2025.txt
Third Party Advisory x_refsource_confirm
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=31&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=31
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/99568
Scores
CVSS v3
9.8
EPSS
0.0901
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
unitedplanet/intrexx
5.2
unitedplanet/intrexx
6.0
Published
Jan 31, 2020
Tracked Since
Feb 18, 2026