CVE-2015-5951

Description

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

CVSS Version 3.1

nvd

CVE ID: CVE-2015-5951
Base Score: 9.9
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 3.1

CVSS Version 2.0

nvd

CVE ID: CVE-2015-5951
Base Score: 9.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:S/C:C/I:C/A:C

Refrence: NVD