nvd-json-data-feeds/CVE-2017/CVE-2017-117xx/CVE-2017-11756.json

{
  "id": "CVE-2017-11756",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2017-07-30T18:29:00.600",
  "lastModified": "2017-08-04T19:42:10.837",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code."
    },
    {
      "lang": "es",
      "value": "En Earcms Ear Music hasta la versi\u00f3n 4.1 build 20170710, los usuarios autenticados remotos pueden ejecutar c\u00f3digo PHP arbitrario cambiando las extensiones de carga de m\u00fasica permitidas para incluir .php adem\u00e1s de .mp3 y .m4a en admin.php?iframe=config_upload, y luego usar el user.php/music/add/ para cargar el c\u00f3digo."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:earcms:ear_music:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.1",
              "matchCriteriaId": "427FE176-3EFC-46A7-AAB6-C62D3CD702A4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lncken.cn/?p=359",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}