exploitDog

GHSA-4j9r-462v-9f34

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

Ссылки

EPSS

Процентиль: 78%

0.0111

Низкий

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-39500

CVSS3: 7.5

nvd

больше 4 лет назад

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

EPSS

Процентиль: 78%

0.0111

Низкий

CVE ID

Дефекты

CWE-22