Vulnerability Details CVE-2018-17055
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/
- https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
- https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/
- https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
Products affected by CVE-2018-17055
-
cpe:2.3:a:progress:sitefinity:10.0
-
cpe:2.3:a:progress:sitefinity:10.0.6400
-
cpe:2.3:a:progress:sitefinity:10.0.6401.0
-
cpe:2.3:a:progress:sitefinity:10.0.6411
-
cpe:2.3:a:progress:sitefinity:10.0.6412
-
cpe:2.3:a:progress:sitefinity:10.0.6412.0
-
cpe:2.3:a:progress:sitefinity:10.0.6413
-
cpe:2.3:a:progress:sitefinity:10.0.6414
-
cpe:2.3:a:progress:sitefinity:10.0.6415
-
cpe:2.3:a:progress:sitefinity:10.0.6426
-
cpe:2.3:a:progress:sitefinity:10.0.6427
-
cpe:2.3:a:progress:sitefinity:10.0.6428
-
cpe:2.3:a:progress:sitefinity:10.0.6429
-
cpe:2.3:a:progress:sitefinity:10.0.6430
-
cpe:2.3:a:progress:sitefinity:10.0.6431
-
cpe:2.3:a:progress:sitefinity:10.0.6432
-
cpe:2.3:a:progress:sitefinity:10.0.6433
-
cpe:2.3:a:progress:sitefinity:10.1
-
cpe:2.3:a:progress:sitefinity:10.1.6500
-
cpe:2.3:a:progress:sitefinity:10.1.6501
-
cpe:2.3:a:progress:sitefinity:10.1.6502
-
cpe:2.3:a:progress:sitefinity:10.1.6503
-
cpe:2.3:a:progress:sitefinity:10.1.6504
-
cpe:2.3:a:progress:sitefinity:10.1.6505
-
cpe:2.3:a:progress:sitefinity:10.1.6506
-
cpe:2.3:a:progress:sitefinity:10.1.6535
-
cpe:2.3:a:progress:sitefinity:10.1.6536
-
cpe:2.3:a:progress:sitefinity:10.1.6538
-
cpe:2.3:a:progress:sitefinity:10.1.6540
-
cpe:2.3:a:progress:sitefinity:10.1.6541
-
cpe:2.3:a:progress:sitefinity:10.1.6542
-
cpe:2.3:a:progress:sitefinity:10.1.6543
-
cpe:2.3:a:progress:sitefinity:10.1.6544
-
cpe:2.3:a:progress:sitefinity:10.2
-
cpe:2.3:a:progress:sitefinity:10.2.6600
-
cpe:2.3:a:progress:sitefinity:10.2.6601
-
cpe:2.3:a:progress:sitefinity:10.2.6602
-
cpe:2.3:a:progress:sitefinity:10.2.6603
-
cpe:2.3:a:progress:sitefinity:10.2.6604
-
cpe:2.3:a:progress:sitefinity:10.2.6636
-
cpe:2.3:a:progress:sitefinity:10.2.6641
-
cpe:2.3:a:progress:sitefinity:10.2.6647
-
cpe:2.3:a:progress:sitefinity:10.2.6649
-
cpe:2.3:a:progress:sitefinity:10.2.6650
-
cpe:2.3:a:progress:sitefinity:10.2.6651
-
cpe:2.3:a:progress:sitefinity:10.2.6652
-
cpe:2.3:a:progress:sitefinity:10.2.6653
-
cpe:2.3:a:progress:sitefinity:11.0
-
cpe:2.3:a:progress:sitefinity:4.0
-
cpe:2.3:a:progress:sitefinity:5.1
-
cpe:2.3:a:progress:sitefinity:5.2
-
cpe:2.3:a:progress:sitefinity:5.3
-
cpe:2.3:a:progress:sitefinity:5.4
-
cpe:2.3:a:progress:sitefinity:6.0
-
cpe:2.3:a:progress:sitefinity:6.1
-
cpe:2.3:a:progress:sitefinity:6.2
-
cpe:2.3:a:progress:sitefinity:6.3
-
cpe:2.3:a:progress:sitefinity:7.0
-
cpe:2.3:a:progress:sitefinity:7.0.5143
-
cpe:2.3:a:progress:sitefinity:7.1
-
cpe:2.3:a:progress:sitefinity:7.1.5243
-
cpe:2.3:a:progress:sitefinity:7.2
-
cpe:2.3:a:progress:sitefinity:7.2.5353
-
cpe:2.3:a:progress:sitefinity:7.3
-
cpe:2.3:a:progress:sitefinity:7.3.5693
-
cpe:2.3:a:progress:sitefinity:8.0
-
cpe:2.3:a:progress:sitefinity:8.0.5700
-
cpe:2.3:a:progress:sitefinity:8.0.5710
-
cpe:2.3:a:progress:sitefinity:8.0.5730
-
cpe:2.3:a:progress:sitefinity:8.0.5750
-
cpe:2.3:a:progress:sitefinity:8.0.5770
-
cpe:2.3:a:progress:sitefinity:8.0.5771
-
cpe:2.3:a:progress:sitefinity:8.0.5772
-
cpe:2.3:a:progress:sitefinity:8.0.5773
-
cpe:2.3:a:progress:sitefinity:8.0.5774
-
cpe:2.3:a:progress:sitefinity:8.1
-
cpe:2.3:a:progress:sitefinity:8.1.5800
-
cpe:2.3:a:progress:sitefinity:8.1.5810
-
cpe:2.3:a:progress:sitefinity:8.1.5820
-
cpe:2.3:a:progress:sitefinity:8.1.5830
-
cpe:2.3:a:progress:sitefinity:8.1.5831
-
cpe:2.3:a:progress:sitefinity:8.1.5840
-
cpe:2.3:a:progress:sitefinity:8.1.5850
-
cpe:2.3:a:progress:sitefinity:8.1.5851
-
cpe:2.3:a:progress:sitefinity:8.1.5860
-
cpe:2.3:a:progress:sitefinity:8.1.5862
-
cpe:2.3:a:progress:sitefinity:8.1.5863
-
cpe:2.3:a:progress:sitefinity:8.1.5864
-
cpe:2.3:a:progress:sitefinity:8.2
-
cpe:2.3:a:progress:sitefinity:8.2.5900
-
cpe:2.3:a:progress:sitefinity:8.2.5920
-
cpe:2.3:a:progress:sitefinity:8.2.5921
-
cpe:2.3:a:progress:sitefinity:8.2.5940
-
cpe:2.3:a:progress:sitefinity:8.2.5960
-
cpe:2.3:a:progress:sitefinity:8.2.5961
-
cpe:2.3:a:progress:sitefinity:8.2.5970
-
cpe:2.3:a:progress:sitefinity:8.2.5971
-
cpe:2.3:a:progress:sitefinity:8.2.5972
-
cpe:2.3:a:progress:sitefinity:8.2.5973
-
cpe:2.3:a:progress:sitefinity:8.2.5974
-
cpe:2.3:a:progress:sitefinity:8.2.5975
-
cpe:2.3:a:progress:sitefinity:9.0
-
cpe:2.3:a:progress:sitefinity:9.0.6000
-
cpe:2.3:a:progress:sitefinity:9.0.6010
-
cpe:2.3:a:progress:sitefinity:9.0.6020
-
cpe:2.3:a:progress:sitefinity:9.0.6030
-
cpe:2.3:a:progress:sitefinity:9.0.6040
-
cpe:2.3:a:progress:sitefinity:9.0.6050
-
cpe:2.3:a:progress:sitefinity:9.0.6051
-
cpe:2.3:a:progress:sitefinity:9.0.6060
-
cpe:2.3:a:progress:sitefinity:9.0.6062
-
cpe:2.3:a:progress:sitefinity:9.0.6063
-
cpe:2.3:a:progress:sitefinity:9.0.6064
-
cpe:2.3:a:progress:sitefinity:9.0.6065
-
cpe:2.3:a:progress:sitefinity:9.1
-
cpe:2.3:a:progress:sitefinity:9.1.6100
-
cpe:2.3:a:progress:sitefinity:9.1.6110
-
cpe:2.3:a:progress:sitefinity:9.1.6150
-
cpe:2.3:a:progress:sitefinity:9.1.6160
-
cpe:2.3:a:progress:sitefinity:9.1.6170
-
cpe:2.3:a:progress:sitefinity:9.1.6171
-
cpe:2.3:a:progress:sitefinity:9.1.6180
-
cpe:2.3:a:progress:sitefinity:9.1.6181
-
cpe:2.3:a:progress:sitefinity:9.1.6182
-
cpe:2.3:a:progress:sitefinity:9.1.6183
-
cpe:2.3:a:progress:sitefinity:9.1.6184
-
cpe:2.3:a:progress:sitefinity:9.1.6185
-
cpe:2.3:a:progress:sitefinity:9.1.6186
-
cpe:2.3:a:progress:sitefinity:9.1.6187
-
cpe:2.3:a:progress:sitefinity:9.2
-
cpe:2.3:a:progress:sitefinity:9.2.6200
-
cpe:2.3:a:progress:sitefinity:9.2.6210
-
cpe:2.3:a:progress:sitefinity:9.2.6220
-
cpe:2.3:a:progress:sitefinity:9.2.6230
-
cpe:2.3:a:progress:sitefinity:9.2.6250
-
cpe:2.3:a:progress:sitefinity:9.2.6260
-
cpe:2.3:a:progress:sitefinity:9.2.6261
-
cpe:2.3:a:progress:sitefinity:9.2.6270
-
cpe:2.3:a:progress:sitefinity:9.2.6271
-
cpe:2.3:a:progress:sitefinity:9.2.6272
-
cpe:2.3:a:progress:sitefinity:9.2.6274
-
cpe:2.3:a:progress:sitefinity:9.2.6275
-
cpe:2.3:a:progress:sitefinity:9.2.6276
-
cpe:2.3:a:progress:sitefinity:9.2.6277
-
cpe:2.3:a:progress:sitefinity:9.2.6278