CVE: CVE-2005-0254

Export to Word

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00702
Percentile: 0.71093

CVSS Scoring

CVSS v3.1 Score: 3.7

Severity: LOW

Mapped CWE(s)

CWE-434 : Unrestricted Upload of File with Dangerous Type

All CAPEC(s)

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

CAPEC(s) with Mapped TTPs

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness

Mapped ATT&CK TTPs

T1574.010 : Services File Permissions Weakness
Kill Chain: persistence

Malware

BlackEnergy

APTs Threat Group Associations

Campaigns

Affected Products

cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:*
cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:*

← Back to Home