GHSA-77hh-p7r6-66pv

Опубликовано: 22 янв. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Arbitrary File Upload in Mingsoft MCMS

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Ссылки

Пакеты

Наименование

net.mingsoft:ms-mcms

maven

Затронутые версииВерсия исправления

<= 5.2.4

Отсутствует

EPSS

Процентиль: 85%

0.02652

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-22929

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-22929

CVSS3: 9.8

nvd

около 4 лет назад

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

EPSS

Процентиль: 85%

0.02652

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-22929

Дефекты

CWE-434