{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T19:07:06.533","vulnerabilities":[{"cve":{"id":"CVE-2015-2780","sourceIdentifier":"cve@mitre.org","published":"2017-10-16T18:29:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."},{"lang":"es","value":"Una vulnerabilidad de subida de archivos sin restricción en Berta CMS permite que atacantes remotos ejecuten código arbitrario mediante la subida de un archivo de imagen manipulado con una extensión ejecutable y, a continuación, acceder a este por medio de una petición directa al archivo en un directorio sin especificar."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:berta:berta_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8.9b","matchCriteriaId":"C8A22BC4-2713-47E4-8415-953EC455D223"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2015/Mar/155","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/03/28/4","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/36520/","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2015/Mar/155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/03/28/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/36520/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]}]}}]}