exploitDog

GHSA-3g62-98rr-25fp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

Ссылки

EPSS

Процентиль: 97%

0.3431

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2019-13294

CVSS3: 9.8

nvd

больше 6 лет назад

AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.

EPSS

Процентиль: 97%

0.3431

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287