Описание
HashBrown CMS RCE
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
Пакеты
Наименование
hashbrown-cms
npm
Затронутые версииВерсия исправления
<= 1.3.3
1.3.4
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.