CVE-2003-0950

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.

Published: Dec 15, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0950
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
peoplesoft / peopletools	8.15	8.15.x
peoplesoft / peopletools	8.19	8.19.x
peoplesoft / peopletools	8.42	8.42.x
peoplesoft / peopletools	8.43	8.43.x
peoplesoft / peopletools	8.12	8.12.x
peoplesoft / peopletools	8.10	8.10.x
peoplesoft / peopletools	8.17	8.17.x
peoplesoft / peopletools	8.41	8.41.x
peoplesoft / peopletools	8.16	8.16.x
peoplesoft / peopletools	8.11	8.11.x
peoplesoft / peopletools	8.20	8.20.x
peoplesoft / peopletools	8.18	8.18.x
peoplesoft / peopletools	8.13	8.13.x
peoplesoft / peopletools	8.4	8.4.x
peoplesoft / peopletools	8.40	8.40.x
peoplesoft / peopletools	8.14	8.14.x

Vulnerability Database

289,871

CVE-2003-0950