How severe is CVE-2018-17055?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-17055?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2018-17055

HIGH Year: 2018

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-434

View all →

Vulnerability Description

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

CVE-2015-9338

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

CWE-4342015

CVE-2015-9339

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

CWE-4342015

CVE-2015-9340

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

CWE-4342015

CVE-2015-9341

HIGH

CVSS:7.5(High)

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

CWE-4342015

CVE-2016-10958

HIGH

CVSS:7.5(High)

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

CWE-4342016

CVE-2016-7452

HIGH

CVSS:7.5(High)

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

CWE-4342016

CVE-2018-17055

Vulnerability Description

Related Vulnerabilities

CVE-2015-9338

CVE-2015-9339

CVE-2015-9340

CVE-2015-9341

CVE-2016-10958

CVE-2016-7452