exploitDog

GHSA-37p6-33w6-w9gq

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

Ссылки

EPSS

Процентиль: 96%

0.22922

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-74

CWE-78

Связанные уязвимости

CVE-2020-5505

CVSS3: 9.8

nvd

около 6 лет назад

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

EPSS

Процентиль: 96%

0.22922

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-74

CWE-78