CVE-2011-0678

critical

Description

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65013

http://www.vupen.com/english/advisories/2011/0217

http://www.kb.cert.org/vuls/id/528212

http://secunia.com/advisories/43031

http://osvdb.org/70669

Details

Source: Mitre, NVD

Published: 2011-01-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.09211