GHSA-33c9-rppf-m7fq

Опубликовано: 07 окт. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

Backdrop CMS Unrestricted File Upload vulnerability

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via themes that allows attackers to achieve Remote Code Execution.

Ссылки

Пакеты

Наименование

backdrop/backdrop

composer

Затронутые версииВерсия исправления

<= 1.22.0

Отсутствует

EPSS

Процентиль: 82%

0.01727

Низкий

7.2 High

CVSS3

CVE ID

CVE-2022-42092

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-42092

CVSS3: 7.2

nvd

больше 3 лет назад

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.

CVE-2022-42092

CVSS3: 7.2

debian

больше 3 лет назад

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...

EPSS

Процентиль: 82%

0.01727

Низкий

7.2 High

CVSS3

CVE ID

CVE-2022-42092

Дефекты

CWE-434