CVE-2019-12150
N/A
N/A
Summary
Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.karamasoft.com
- https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload
References
- https://www.karamasoft.com
- https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.