CVE-2014-2042

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
livetecstimeline
𝑥
≤ 6.2.8
livetecstimeline
2.81
livetecstimeline
2.91
livetecstimeline
2.94
livetecstimeline
3.0.1
livetecstimeline
3.0.3
livetecstimeline
3.0.5
livetecstimeline
3.1.1
livetecstimeline
3.2.1
livetecstimeline
3.5.1
livetecstimeline
3.6.1
livetecstimeline
3.7.1
livetecstimeline
3.8.1
livetecstimeline
4.2.1
livetecstimeline
4.3.1
livetecstimeline
4.9.1
livetecstimeline
5.2.1
livetecstimeline
6.0.1
livetecstimeline
6.2.1
livetecstimeline
6.2.3
livetecstimeline
6.2.4
livetecstimeline
6.2.6
livetecstimeline
6.2.7
livetecstimeline
6.2.71
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Apr/260
http://www.securityfocus.com/archive/1/531914/100/0/threaded
http://seclists.org/fulldisclosure/2014/Apr/260
http://www.securityfocus.com/archive/1/531914/100/0/threaded