CVE-2018-17936: Malicious File Upload
First published: Tue Nov 27 2018(Updated: )
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nuuo Nuuo Cms | <=3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17936?
CVE-2018-17936 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2018-17936?
To fix CVE-2018-17936, upgrade NUUO CMS to a version later than 3.3 to eliminate the arbitrary file upload vulnerability.
What systems are affected by CVE-2018-17936?
CVE-2018-17936 affects all versions of NUUO CMS up to and including version 3.3.
What kind of attack can CVE-2018-17936 enable?
CVE-2018-17936 can enable attackers to upload arbitrary files, potentially leading to modifications or overwriting of server configuration files.
Is there a mitigation for CVE-2018-17936?
The primary mitigation for CVE-2018-17936 is to ensure NUUO CMS is updated to the latest version.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/nuuo
- canonical/nuuo nuuo cms
- version/nuuo nuuo cms/3.3