CVE-2015-5074

EPSS 11.20% · P94 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-5074

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

X2Engine X2CRM 输入验证漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

X2Engine X2CRM是美国X2Engine公司的一套开源的客户关系管理程序（CRM）。 X2Engine X2CRM 5.0.9之前版本的protected/components/filters/FileUploadsFilter.php脚本中的FileUploadsFilter类中存在不完整黑名单漏洞。远程攻击者可通过上传带有.pht扩展名的文件利用该漏洞执行任意PHP代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2015-5074

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2015-5074

请登录查看更多情报信息。

https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8#diff-26a90fcab2707d6ef509fccb3588790fx_refsource_CONFIRM
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/x_refsource_MISC
http://packetstormsecurity.com/files/133717/X2Engine-4.2-Arbitrary-File-Upload.htmlx_refsource_MISC
https://www.exploit-db.com/exploits/38323/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/536546/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2015/Sep/92mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2015-5074

Same Patch Batch · n/a · 2015-09-29 · 16 CVEs total

CVE-2015-0299		Open Source Point of Sale 跨站脚本漏洞
CVE-2015-5075		X2Engine X2CRM 跨站请求伪造漏洞
CVE-2015-5076		X2Engine X2CRM 跨站脚本漏洞
CVE-2015-7319		WordPress Appointment Booking Calendar插件SQL注入漏洞
CVE-2015-7320		WordPress Appointment Booking Calendar插件跨站脚本漏洞
CVE-2015-7337		IPython Notebook和Jupyter Notebook 输入验证漏洞
CVE-2015-7601		PCMan's FTP Server 目录遍历漏洞
CVE-2015-7602		BisonWare BisonFTP 目录遍历漏洞
CVE-2015-7603		Konica Minolta FTP Utility 目录遍历漏洞
CVE-2015-7604		Splunk Enterprise和Splunk Light 跨站脚本漏洞
CVE-2015-0852		FreeImage 数字错误漏洞
CVE-2015-5442		HP Software Update 安全漏洞
CVE-2015-5711		多款TIBCO产品信息泄露漏洞
CVE-2015-5435		HP Integrated Lights-Out 安全漏洞
CVE-2015-5950		NVIDIA Display Driver 缓冲区溢出漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2015-5074

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2015-5074

I. Basic Information for CVE-2015-5074

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2015-5074

III. Intelligence Information for CVE-2015-5074

Same Patch Batch · n/a · 2015-09-29 · 16 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2015-5074

Leave a comment