High severity7.2NVD Advisory· Published Sep 19, 2017· Updated May 13, 2026
CVE-2014-9619
CVE-2014-9619
Description
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
Affected products
12cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*range: <=3.1.9
- cpe:2.3:a:netsweeper:netsweeper:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:netsweeper:netsweeper:4.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.htmlnvdThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/37932/nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.