How to fix EUVD-2014-0506?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Is Ubuntu affected by EUVD-2014-0506?

CVE-2014-0468 presents critical security risk, a unrestricted file upload vulnerability rated CVSS 9.8. This could allow attackers to access or modify files outside intended directories, potentially exposing sensitive configuration or credentials.

EUVD-2014-0506

| CVE-2014-0468 CRITICAL

2025-06-26 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2014-0506

CVE Published

Jun 26, 2025 - 21:15 nvd

CRITICAL 9.8

Description

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.

Analysis

Technical Context

Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server. This vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).

Affected Products

Affected products: Fusionforge Fusionforge

Remediation

Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: 0

Vendor Status

Ubuntu

Priority: Medium

fusionforge

Release	Status	Version
precise	ignored	end of life
trusty	DNE	-
upstream	released	5.3+20140506-1
vivid	DNE	-
wily	not-affected	6.0.2+20150708-1
xenial	not-affected	6.0.2+20150708-1
yakkety	not-affected	6.0.2+20150708-1
zesty	not-affected	6.0.2+20150708-1

Debian

fusionforge

Release	Status	Fixed Version	Urgency
squeeze	fixed	(unfixed)	end-of-life
(unstable)	fixed	5.3+20140506-1	-

EUVD-2014-0506 vulnerability details – vuln.today

Back

EUVD-2014-0506

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2014-0506

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code