Home > Vulnerability Database > CVE-2015-6567

Mend.io Vulnerability Database

CVE-2015-6567

Good to know:

Date: April 14, 2017

Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.

Language: PHP

Severity Score

8.8

Related Resources (9)

Url: https://github.com/wolfcms/wolfcms/releases/tag/0.8.3.1

Url: https://www.wolfcms.org/blog/2015/08/10/releasing-wolf-cms-0-8-3-1.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-6567

Url: https://www.exploit-db.com/exploits/40004/

Url: https://github.com/wolfcms/wolfcms/issues/625

Url: https://github.com/wolfcms/wolfcms/commit/2160275b60736f706dfda132c7c46728c5b255fa

Url: https://www.exploit-db.com/exploits/38000/

Url: http://www.websecgeeks.com/2015/08/wolf-cms-arbitrary-file-upload-to.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-6567

Severity Score

8.8

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 0.8.3

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-6567

Good to know:

Date: April 14, 2017

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?