Executive Summary

Informations
Name CVE-2014-125126 First vendor Publication 2025-07-31
Vendor Cve Last vendor Modification 2025-07-31

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-125126

Sources (Detail)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/...
https://sourceforge.net/projects/simplee-doc/
https://www.exploit-db.com/exploits/31264
https://www.vulncheck.com/advisories/simple-edocument-abitrary-file-upload-rce
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-08-01 13:20:41
  • Multiple Updates
2025-07-31 21:20:35
  • First insertion