exploitDog

GHSA-6p82-h3ww-f963

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 3.8

Описание

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

Ссылки

EPSS

Процентиль: 45%

0.00221

Низкий

3.8 Low

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2018-19421

CVSS3: 3.8

nvd

около 7 лет назад

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

EPSS

Процентиль: 45%

0.00221

Низкий

3.8 Low

CVSS3

CVE ID

Дефекты

CWE-434