Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Timeline | Livetecs | * | 6.2.8 (including) |
| Timeline | Livetecs | 2.81 (including) | 2.81 (including) |
| Timeline | Livetecs | 2.91 (including) | 2.91 (including) |
| Timeline | Livetecs | 2.94 (including) | 2.94 (including) |
| Timeline | Livetecs | 3.0.1 (including) | 3.0.1 (including) |
| Timeline | Livetecs | 3.0.3 (including) | 3.0.3 (including) |
| Timeline | Livetecs | 3.0.5 (including) | 3.0.5 (including) |
| Timeline | Livetecs | 3.1.1 (including) | 3.1.1 (including) |
| Timeline | Livetecs | 3.2.1 (including) | 3.2.1 (including) |
| Timeline | Livetecs | 3.5.1 (including) | 3.5.1 (including) |
| Timeline | Livetecs | 3.6.1 (including) | 3.6.1 (including) |
| Timeline | Livetecs | 3.7.1 (including) | 3.7.1 (including) |
| Timeline | Livetecs | 3.8.1 (including) | 3.8.1 (including) |
| Timeline | Livetecs | 4.2.1 (including) | 4.2.1 (including) |
| Timeline | Livetecs | 4.3.1 (including) | 4.3.1 (including) |
| Timeline | Livetecs | 4.9.1 (including) | 4.9.1 (including) |
| Timeline | Livetecs | 5.2.1 (including) | 5.2.1 (including) |
| Timeline | Livetecs | 6.0.1 (including) | 6.0.1 (including) |
| Timeline | Livetecs | 6.2.1 (including) | 6.2.1 (including) |
| Timeline | Livetecs | 6.2.3 (including) | 6.2.3 (including) |
| Timeline | Livetecs | 6.2.4 (including) | 6.2.4 (including) |
| Timeline | Livetecs | 6.2.6 (including) | 6.2.6 (including) |
| Timeline | Livetecs | 6.2.7 (including) | 6.2.7 (including) |
| Timeline | Livetecs | 6.2.71 (including) | 6.2.71 (including) |