VYPR
High severity7.2NVD Advisory· Published Sep 19, 2017· Updated Jun 17, 2026

CVE-2014-9619

CVE-2014-9619

Description

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*range: <=3.1.9
    • cpe:2.3:a:netsweeper:netsweeper:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:netsweeper:netsweeper:4.1.1:*:*:*:*:*:*:*
  • Range: <3.1.10, <4.0.9, <4.1.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.