CVE-2015-2079

Summary

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

Affected Software

VendorProductVersion RangeStatus
UserminUsermin0.980 < 1.660affected

Weaknesses

  • CWE-96: CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References