CVE-2014-2867

2022-10-0316:20:48

[email protected]

web.nvd.nist.gov

cve-2014-2867

unrestricted file upload

paperthin commonspot

remote code execution

coldfusion page

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.

Affected configurations

NVD

Node

paperthincommonspot_content_serverRange≤7.0.1

paperthincommonspot_content_serverMatch8.0.0

paperthincommonspot_content_serverMatch8.0.1

paperthincommonspot_content_serverMatch8.0.2

CPENameOperatorVersion
paperthin:commonspot_content_serverpaperthin commonspot content serverle7.0.1
paperthin:commonspot_content_serverpaperthin commonspot content servereq8.0.0
paperthin:commonspot_content_serverpaperthin commonspot content servereq8.0.1
paperthin:commonspot_content_serverpaperthin commonspot content servereq8.0.2

CPE	Name	Operator	Version
paperthin:commonspot_content_server	paperthin commonspot content server	le	7.0.1
paperthin:commonspot_content_server	paperthin commonspot content server	eq	8.0.0
paperthin:commonspot_content_server	paperthin commonspot content server	eq	8.0.1
paperthin:commonspot_content_server	paperthin commonspot content server	eq	8.0.2