Description
A file upload issue exists in the specid parameter in Thomson Reuters FATCA before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.
References (5)
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/76271
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2015/Aug/25
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/archive/1/536163/100/0/threaded
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/bugtraq/2015/Aug/32
Scores
CVSS v3
9.9
EPSS
0.0291
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
thomsonreuters/fatca
< 5.2
Published
Jan 06, 2020
Tracked Since
Feb 18, 2026