CVE: CVE-2002-1841

Export to Word

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00717
Percentile: 0.71456

CVSS Scoring

CVSS v2 Score: 5.0

Severity:

Mapped CWE(s)

CWE-434 : Unrestricted Upload of File with Dangerous Type

All CAPEC(s)

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

CAPEC(s) with Mapped TTPs

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness

Mapped ATT&CK TTPs

T1574.010 : Services File Permissions Weakness
Kill Chain: persistence

Malware

BlackEnergy

APTs Threat Group Associations

Campaigns

Affected Products

cpe:2.3:a:noguska:nola:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:noguska:nola:1.1.2:*:*:*:*:*:*:*

← Back to Home