First published: Thu Jan 09 2020(Updated: )
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bss Continuity Cms Project Bss Continuty Cms | =4.2.22640.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-3448 is a Remote Code Execution vulnerability in BSS Continuity CMS 4.2.22640.0 due to unauthenticated file upload.
CVE-2014-3448 has a severity rating of 9.8 (critical).
To fix CVE-2014-3448, update BSS Continuity CMS to a version that is not affected by the vulnerability.
The CWE for CVE-2014-3448 is CWE-434: Unrestricted Upload of File with Dangerous Type.
You can find more information about CVE-2014-3448 at the following references: [Reference 1](http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html) and [Reference 2](http://seclists.org/fulldisclosure/2014/May/85).