GHSA-748f-wv76-x9hg

Опубликовано: 08 сент. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Arbitrary file upload in Fork CMS

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

Ссылки

Пакеты

Наименование

forkcms/forkcms

composer

Затронутые версииВерсия исправления

<= 5.9.2

5.9.3

EPSS

Процентиль: 62%

0.00423

Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-28931

Дефекты

CWE-434

Связанные уязвимости

CVE-2021-28931

CVSS3: 8.8

nvd

больше 4 лет назад

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

EPSS

Процентиль: 62%

0.00423

Низкий

8.8 High

CVSS3

CVE ID

CVE-2021-28931

Дефекты

CWE-434