How severe is CVE-2018-7562?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-7562?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2018-7562 - HIGH Severity | CVSS 7.5

Vulnerability Description

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php.

Related Vulnerabilities

CVE-2009-1837

HIGH

CVSS:7.5(High)

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code...

CWE-3622009

CVE-2016-15036

HIGH

CVSS:7.5(High)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race cond...

CWE-3622016

CVE-2016-20015

HIGH

CVSS:7.5(High)

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privilege...

CWE-3622016

CVE-2016-2812

HIGH

CVSS:7.5(High)

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a d...

CWE-3622016

CVE-2016-4309

HIGH

CVSS:7.5(High)

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CWE-3622016

CVE-2016-4954

HIGH

CVSS:7.5(High)

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many sour...

CWE-3622016