exploitDog

GHSA-2m5x-xrc7-mrxp

Опубликовано: 25 дек. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.

Ссылки

EPSS

Процентиль: 86%

0.03001

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-45896

CVSS3: 9.8

nvd

около 3 лет назад

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.

EPSS

Процентиль: 86%

0.03001

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434