CVE-2015-5951

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

Published: Jan 6, 2020
Updated: Apr 13, 2023
CVE: CVE-2015-5951
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.9
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
thomsonreuters / fatca	-	5.2

http://packetstormsecurity.com/files/133003/Thomson-Reuters-FATCA-Arbitrary-File-Upload.html
http://seclists.org/fulldisclosure/2015/Aug/25
http://www.securityfocus.com/archive/1/536163/100/0/threaded
http://www.securityfocus.com/bid/76271
https://seclists.org/bugtraq/2015/Aug/32

Vulnerability Database

289,689

CVE-2015-5951