exploitDog

GHSA-4398-q7v4-m5w6

Опубликовано: 08 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

Ссылки

EPSS

Процентиль: 23%

0.00073

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-49444

CVSS3: 5.4

nvd

около 2 лет назад

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

EPSS

Процентиль: 23%

0.00073

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79