Unrated severityNVD Advisory· Published Feb 19, 2015· Updated Jun 17, 2026

CVE-2015-1587

Description

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Maarch/Gec\/ged2 versions
cpe:2.3:a:maarch:gec\/ged:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:maarch:gec\/ged:*:*:*:*:*:*:*:*range: <=1.4
- (no CPE)range: <=1.4
Maarch/Letterbox2 versions
cpe:2.3:a:maarch:letterbox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:maarch:letterbox:*:*:*:*:*:*:*:*range: <=2.8
- (no CPE)range: <=2.8

Patches

Vulnerability mechanics

References

asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.htmlnvdExploit
packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.htmlnvdExploit
www.exploit-db.com/exploits/35113nvdExploit
osvdb.org/show/osvdb/113928nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000