exploitDog

GHSA-9mhc-c22m-9frj

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.

Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.

Ссылки

EPSS

Процентиль: 64%

0.00478

Низкий

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2009-4113

nvd

около 16 лет назад

Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field.

EPSS

Процентиль: 64%

0.00478

Низкий

CVE ID

Дефекты

CWE-94