exploitDog

GHSA-6p92-pcf6-32pp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.

Ссылки

EPSS

Процентиль: 76%

0.00938

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2021-27230

CVSS3: 8.8

nvd

почти 5 лет назад

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory.

EPSS

Процентиль: 76%

0.00938

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-20