CVE-2015-1587
published 2015-02-19


Priority: P268 (high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: public exploit available
EPSS: 44.19% (98.6th percentile)
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.

Affected

2 ranges

Vendor    Product      Version range    Fixed in
maarch    gec_ged      <= 1.4           (not listed)
maarch    letterbox    <= 2.8           (not listed)

Detection & IOCs (extracted from sources)

path: file_to_index.php
path: tmp/
  • Monitor for unauthenticated POST requests to file_to_index.php containing multipart/form-data with a PHP file extension in the uploaded filename.
  • Alert on HTTP GET requests to predictable paths under tmp/ with a .php extension, indicating post-upload webshell access.
  • Use the Google dork 'intext:"Maarch Maerys Archive v2.1 logo"' to identify exposed Maarch instances on the internet.
  • The exploit uses Content-Type: multipart/form-data with a custom boundary; inspect HTTP traffic for POST requests to file_to_index.php with this content type from unauthenticated sessions.
  • The uploaded PHP webshell is placed in a predictable path under tmp/, meaning the filename can be guessed or brute-forced by an attacker without any session or authentication requirement.
  • Affects both Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier; detection rules should account for both product deployments.
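The two detection rules above (an unauthenticated multipart POST to file_to_index.php carrying a PHP-extension filename, followed by a GET to a .php file under tmp/) can be run over proxy or WAF request records. The following is an added example written for this page, not code from Maarch or from the CVE source; the request records are constructed, the list of PHP-style extensions it matches is an assumption, and the field names (client_ip, upload_filename, authenticated) are hypothetical stand-ins for whatever a real proxy log exposes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class HttpRequest:
    """One parsed request as a reverse proxy or WAF might record it (field names assumed)."""
    client_ip: str
    method: str
    path: str
    content_type: str = ""       # request Content-Type header
    upload_filename: str = ""    # filename= from the multipart part, if any
    authenticated: bool = False  # whether a valid session cookie accompanied the request


@dataclass
class Alert:
    client_ip: str
    rule: str
    path: str


# Extensions treated as "PHP extension" (assumed list; .php is the one the CVE text names).
PHP_EXT = re.compile(r"\.(?:php\d?|phtml)$", re.IGNORECASE)
# Anything served from a tmp/ directory with a .php suffix.
TMP_PHP = re.compile(r"(?:^|/)tmp/[^/]+\.php$", re.IGNORECASE)


def _path_without_query(path: str) -> str:
    return path.split("?", 1)[0]


def classify(req: HttpRequest) -> Optional[str]:
    """Return the matching rule name for a single request, or None."""
    clean = _path_without_query(req.path)
    basename = clean.rsplit("/", 1)[-1].lower()

    # Rule 1: unauthenticated multipart POST to file_to_index.php with a PHP-named upload.
    if (
        req.method.upper() == "POST"
        and basename == "file_to_index.php"
        and req.content_type.lower().startswith("multipart/form-data")
        and PHP_EXT.search(req.upload_filename)
        and not req.authenticated
    ):
        return "php_upload_to_file_to_index"

    # Rule 2: GET of a .php file under tmp/ (post-upload webshell access).
    if req.method.upper() == "GET" and TMP_PHP.search(clean):
        return "tmp_php_access"

    return None


def detect(requests: List[HttpRequest]) -> List[Alert]:
    """Run both rules over a request stream, preserving order."""
    alerts = []
    for req in requests:
        rule = classify(req)
        if rule:
            alerts.append(Alert(req.client_ip, rule, req.path))
    return alerts


def chained_clients(requests: List[HttpRequest]) -> Set[str]:
    """Clients that triggered the upload rule and later the tmp/ access rule: the full chain."""
    uploaded: Set[str] = set()
    chained: Set[str] = set()
    for req in requests:
        rule = classify(req)
        if rule == "php_upload_to_file_to_index":
            uploaded.add(req.client_ip)
        elif rule == "tmp_php_access" and req.client_ip in uploaded:
            chained.add(req.client_ip)
    return chained


# Constructed sample traffic: one suspicious client, one legitimate authenticated user.
SAMPLE_REQUESTS = [
    HttpRequest("203.0.113.5", "POST", "/maarch/file_to_index.php",
                "multipart/form-data; boundary=----constructedboundary", "upload.php", False),
    HttpRequest("203.0.113.5", "GET", "/maarch/tmp/upload.php"),
    HttpRequest("198.51.100.7", "POST", "/maarch/file_to_index.php",
                "multipart/form-data; boundary=----abc", "letter_2015-02.pdf", True),
    HttpRequest("198.51.100.7", "GET", "/maarch/index.php?page=inbox"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_REQUESTS):
        print(f"{alert.client_ip}  {alert.rule}  {alert.path}")
    print("chained:", sorted(chained_clients(SAMPLE_REQUESTS)))
```

The authenticated PDF upload and the normal index.php request produce no alert; the second rule fires on any tmp/*.php fetch regardless of session, since the CVE text stresses that the filename is predictable and needs no authentication, while chained_clients narrows to clients that performed both steps.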

CVSS provenance

nvd           v2.0  7.5  HIGH    AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat       5.5  MEDIUM