Vulnerabilites related to mads_brunn - t3quixplorer
Vulnerability from fkie_nvd
Published
2010-03-19 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mads_brunn | t3quixplorer | * | |
| mads_brunn | t3quixplorer | 1.0.0 | |
| mads_brunn | t3quixplorer | 1.0.1 | |
| mads_brunn | t3quixplorer | 1.0.2 | |
| mads_brunn | t3quixplorer | 1.2.0 | |
| mads_brunn | t3quixplorer | 1.3.0 | |
| mads_brunn | t3quixplorer | 1.4.0 | |
| mads_brunn | t3quixplorer | 1.5.0 | |
| mads_brunn | t3quixplorer | 1.6.0 | |
| typo3 | typo3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A39EDD2-DA0D-4208-A969-44E76D7F1494",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BE727C14-8517-4996-8D34-FAF238CB3429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A9826B-068A-4923-B3C7-02EA3C732038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C03C88C-5D51-4720-90C8-EDFF288702AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B77C9D-C67F-4D46-928F-50811DEF43F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BD9C3-199A-4C23-B9E2-FC30C8461B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26478C-CF65-43D7-81F9-A2EB14F94689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B9A49E-17E4-4118-8AB4-B42259123E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A423F65-9148-4393-BB29-0BCB72557C83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n Typo3 Quixplorer (t3quixplorer) anteriores a v1.7.1 para TYPO3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-1021",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-19T19:00:00.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63036"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38993"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-25 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| claudio_klingler | quixplorer | * | |
| claudio_klingler | quixplorer | 1.0 | |
| claudio_klingler | quixplorer | 1.1 | |
| claudio_klingler | quixplorer | 1.2 | |
| claudio_klingler | quixplorer | 1.4 | |
| claudio_klingler | quixplorer | 1.5 | |
| claudio_klingler | quixplorer | 1.6 | |
| claudio_klingler | quixplorer | 2.0 | |
| claudio_klingler | quixplorer | 2.1.1 | |
| claudio_klingler | quixplorer | 2.2 | |
| mads_brunn | t3quixplorer | 1.0.0 | |
| mads_brunn | t3quixplorer | 1.0.1 | |
| mads_brunn | t3quixplorer | 1.0.2 | |
| mads_brunn | t3quixplorer | 1.2.0 | |
| mads_brunn | t3quixplorer | 1.3.0 | |
| mads_brunn | t3quixplorer | 1.4.0 | |
| mads_brunn | t3quixplorer | 1.5.0 | |
| mads_brunn | t3quixplorer | 1.6.0 | |
| mads_brunn | t3quixplorer | 1.7.0 | |
| mads_brunn | t3quixplorer | 1.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13FBDE35-7E96-4CB0-AA02-20A54E25C034",
"versionEndIncluding": "2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "354BBE12-96AA-4F3C-8B51-CFE80E4808D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCFC487-FDA2-4D26-8140-1F16BAA7A658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B19E0034-0B67-4A71-83E8-98A148FF89F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F06FAD64-5233-44BB-9FDA-ED019967B7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9541428-5609-43FE-BF9B-49414E64D0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE410E3-E0AB-4C47-AB4A-7290460BB9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF42BE37-1569-4D22-9302-B1F5AB12C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF152CB-58C1-4B9A-87E0-16A7E9EFF7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:claudio_klingler:quixplorer:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83892CE6-D168-4B03-94C8-CE167326FA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BE727C14-8517-4996-8D34-FAF238CB3429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A9826B-068A-4923-B3C7-02EA3C732038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C03C88C-5D51-4720-90C8-EDFF288702AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B77C9D-C67F-4D46-928F-50811DEF43F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BD9C3-199A-4C23-B9E2-FC30C8461B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26478C-CF65-43D7-81F9-A2EB14F94689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B9A49E-17E4-4118-8AB4-B42259123E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A423F65-9148-4393-BB29-0BCB72557C83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13CB2420-FEDA-41E7-B650-84C71BFC0EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mads_brunn:t3quixplorer:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8995BEFE-4E47-47ED-88DA-3BA06D4B2392",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de subida no restringida de ficheros en QuiXplorer v2.3 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n al subir un fichero con una extensi\u00f3n ejecutable usando la opci\u00f3n de subir en index.php, accediendo posteriormente mediante una petici\u00f3n directa del fichero en un directorio no especificado"
}
],
"id": "CVE-2011-5005",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-25T01:55:04.523",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/18118"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-1021 (GCVE-0-2010-1021)
Vulnerability from cvelistv5
Published
2010-03-19 18:35
Modified
2024-09-16 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-19T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1/"
},
{
"name": "38993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38993"
},
{
"name": "38818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38818"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "63036",
"refsource": "OSVDB",
"url": "http://osvdb.org/63036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1021",
"datePublished": "2010-03-19T18:35:00Z",
"dateReserved": "2010-03-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:09:23.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5005 (GCVE-0-2011-5005)
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18118"
},
{
"name": "quixplorer-index-file-upload(71323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18118"
},
{
"name": "quixplorer-index-file-upload(71323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18118",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18118"
},
{
"name": "quixplorer-index-file-upload(71323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5005",
"datePublished": "2011-12-25T01:00:00",
"dateReserved": "2011-12-24T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}