exploitDog

GHSA-6h4h-9xp4-x824

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

Ссылки

EPSS

Процентиль: 82%

0.0166

Низкий

CVE ID

Дефекты

CWE-276

Связанные уязвимости

CVE-2021-39273

CVSS3: 8.8

nvd

больше 4 лет назад

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

EPSS

Процентиль: 82%

0.0166

Низкий

CVE ID

Дефекты

CWE-276