exploitDog

GHSA-ch5c-v8x5-vccm

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

Ссылки

EPSS

Процентиль: 60%

0.00394

Низкий

CVE ID

Связанные уязвимости

CVE-2019-19684

CVSS3: 8.8

nvd

около 6 лет назад

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

EPSS

Процентиль: 60%

0.00394

Низкий

CVE ID