exploitDog

GHSA-9gcf-rjxj-c7gp

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.

An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.

Ссылки

EPSS

Процентиль: 73%

0.00768

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-20127

CVSS3: 7.5

nvd

около 7 лет назад

An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.

EPSS

Процентиль: 73%

0.00768

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-20