CVE ID: CVE-2014-7260
JVNDB ID: JVNDB-2014-00143
Vulnerability: Remote command execution vulnerability in "File Upload BBS" of i-HTTPD
Published Date: 2014/12/09
Last Updated Date: 2014/12/09
Affected Product: i-HTTPD

Vendor Status:
- Vendor: ULTRAPOP.JP
- Status: Vulnerable
- Last Update: 2014/12/09
- Vendor Notes: None provided

Solution:
- Do not use i-HTTPD and "File Upload BBS"
- i-HTTPD is no longer being developed or maintained. It is recommended to stop using i-HTTPD and "File Upload BBS".

CVSS Base Metrics:
- Access Vector (AV): Network
- Access Complexity (AC): Low
- Authentication (Au): None
- Confidentiality Impact (C): Partial
- Integrity Impact (I): Partial
- Availability Impact (A): Partial
- Base Score: 7.5

Credit: Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.