Unrated severityNVD Advisory· Published Jan 2, 2019· Updated Aug 5, 2024

CVE-2018-20166

Description

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Dmitrybuhtiyarov/Rukovoditelinferred
Range: = 2.3.1
Rukovoditel/Rukovoditelllm-fuzzy
Range: =2.3.1

Patches

Vulnerability mechanics

References

www.exploit-db.com/exploits/46011mitreexploitx_refsource_EXPLOIT-DB
pentest.com.tr/exploits/Rukovoditel-Project-Management-CRM-2-3-1-Authenticated-Remote-Code-Execution.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000