Описание
Unrestricted Upload of File with Dangerous Type in Croogo
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
Пакеты
Наименование
croogo/croogo
composer
Затронутые версииВерсия исправления
<= 3.0.2
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
почти 4 года назад
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.