exploitDog

GHSA-2gmw-j4qh-8xwv

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.

Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.

Ссылки

EPSS

Процентиль: 91%

0.07032

Низкий

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2008-3165

nvd

больше 17 лет назад

Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.

EPSS

Процентиль: 91%

0.07032

Низкий

CVE ID

Дефекты

CWE-22