CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17055

HIGH
7.5
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile16.26th
PublishedSep 28, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

Affected Platforms (CPE)

πŸ“¦
Progress

Sitefinity

>= 4.0 and <= 11.0

References & Advisories

πŸ”— https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/
πŸ”— https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
πŸ”— https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/
πŸ”— https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018

Related Vulnerabilities

CVE-2019-173929.8

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandle...

CVE-2017-92489.8

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly ...

CVE-2017-158839.8

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause...

CVE-2017-181798.8

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change o...