CVE-2018-7217

EUVD-2018-18956
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
tejaribravo_solution
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/bugtraq/2018/Feb/38
https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html
http://seclists.org/bugtraq/2018/Feb/38
https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html