I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.01402
Percentile: 0.7958
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Mapped CWE(s)
- CWE-434: Unrestricted Upload of File with Dangerous Type
All CAPEC(s)
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
CAPEC(s) with Mapped TTPs
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
  Mapped TTPs:
  - T1574.010: Services File Permissions Weakness
Mapped ATT&CK TTPs
- T1574.010: Services File Permissions Weakness
Kill Chain: persistence
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:a:yvesglodt:i-man:*:*:*:*:*:*:*:*