exploitDog

GHSA-643q-778f-w3wx

Опубликовано: 25 окт. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The redirect_if_not_loggedin function in functions_security.php fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The redirect_if_not_loggedin function in functions_security.php fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.

Ссылки

EPSS

Процентиль: 80%

0.0139

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2024-41617

CVSS3: 9.8

nvd

больше 1 года назад

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution after redirecting unauthenticated users. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.

EPSS

Процентиль: 80%

0.0139

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-863