CVE-2014-2042

EUVD-2014-2094
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
livetecstimeline
𝑥
≤ 6.2.8
livetecstimeline
2.81
livetecstimeline
2.91
livetecstimeline
2.94
livetecstimeline
3.0.1
livetecstimeline
3.0.3
livetecstimeline
3.0.5
livetecstimeline
3.1.1
livetecstimeline
3.2.1
livetecstimeline
3.5.1
livetecstimeline
3.6.1
livetecstimeline
3.7.1
livetecstimeline
3.8.1
livetecstimeline
4.2.1
livetecstimeline
4.3.1
livetecstimeline
4.9.1
livetecstimeline
5.2.1
livetecstimeline
6.0.1
livetecstimeline
6.2.1
livetecstimeline
6.2.3
livetecstimeline
6.2.4
livetecstimeline
6.2.6
livetecstimeline
6.2.7
livetecstimeline
6.2.71
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Apr/260
http://www.securityfocus.com/archive/1/531914/100/0/threaded
http://seclists.org/fulldisclosure/2014/Apr/260
http://www.securityfocus.com/archive/1/531914/100/0/threaded