CVE-2015-0877

EUVD-2015-0887
Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
c-board_moyuku_projectc-board_moyuku
𝑥
≤ 1.03
c-board_moyuku_projectc-board_moyuku
1.01:b1
c-board_moyuku_projectc-board_moyuku
1.01:b2
c-board_moyuku_projectc-board_moyuku
1.01:b3
c-board_moyuku_projectc-board_moyuku
1.01:b4
c-board_moyuku_projectc-board_moyuku
1.01:b6
c-board_moyuku_projectc-board_moyuku
1.02:b1
c-board_moyuku_projectc-board_moyuku
1.03:b1
𝑥
= Vulnerable software versions
References
http://jvn.jp/en/jp/JVN73261710/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000018
http://sourceforge.jp/projects/cb-moyuku/news/
http://jvn.jp/en/jp/JVN73261710/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000018
http://sourceforge.jp/projects/cb-moyuku/news/