PaperThin: Security Vulnerabilities, CVEs, CVSS score >= 7
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
Max CVSS: 10.0 | EPSS Score: 0.32% | Published: 2014-04-15 | Updated: 2014-04-16
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2014-04-15 | Updated: 2014-04-16
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.
Max CVSS: 10.0 | EPSS Score: 0.28% | Published: 2014-04-15 | Updated: 2014-04-16
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client-side JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.
Max CVSS: 10.0 | EPSS Score: 0.34% | Published: 2014-04-15 | Updated: 2014-04-16
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.
Max CVSS: 7.5 | EPSS Score: 0.31% | Published: 2014-04-15 | Updated: 2014-04-16
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
Max CVSS: 10.0 | EPSS Score: 0.26% | Published: 2014-04-15 | Updated: 2014-04-16
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
Max CVSS: 10.0 | EPSS Score: 0.26% | Published: 2014-04-15 | Updated: 2014-04-16
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
Max CVSS: 7.5 | EPSS Score: 0.31% | Published: 2014-04-15 | Updated: 2014-04-16
8 vulnerabilities found