GHSA-67gv-xrw7-p72w

Опубликовано: 19 дек. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality.

Ссылки

Пакеты

Наименование

phpsysinfo/phpsysinfo

composer

Затронутые версииВерсия исправления

< 3.4.3

3.4.3

EPSS

Процентиль: 51%

0.00278

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-49006

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-49006

CVSS3: 6.5

ubuntu

около 2 лет назад

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

CVE-2023-49006

CVSS3: 6.5

nvd

около 2 лет назад

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

CVE-2023-49006

CVSS3: 6.5

debian

около 2 лет назад

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...

EPSS

Процентиль: 51%

0.00278

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-49006

Дефекты

CWE-352