CVE-2018-17055: Malicious File Upload
First published: Fri Sep 28 2018(Updated: )
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Sitefinity | >=4.0<=11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this arbitrary file upload vulnerability in Progress Sitefinity CMS?
The vulnerability ID is CVE-2018-17055.
What is the severity of the CVE-2018-17055 vulnerability?
The severity of the CVE-2018-17055 vulnerability is high with a severity value of 7.5.
Which versions of Progress Sitefinity CMS are affected by CVE-2018-17055?
Progress Sitefinity CMS versions 4.0 through 11.0 are affected by CVE-2018-17055.
What is the CWE (Common Weakness Enumeration) ID associated with CVE-2018-17055?
The CWE ID associated with CVE-2018-17055 is CWE-434.
How can I fix the arbitrary file upload vulnerability in Progress Sitefinity CMS?
To fix the arbitrary file upload vulnerability in Progress Sitefinity CMS, apply the security patches provided by the vendor and update to a non-vulnerable version.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/progress
- canonical/progress sitefinity
- version/progress sitefinity/4.0
- version/progress sitefinity/11.0