exploitDog

GHSA-cxfw-78g3-3grg

Опубликовано: 11 фев. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file.

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file.

Ссылки

EPSS

Процентиль: 63%

0.00449

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-45268

CVSS3: 8.8

nvd

около 4 лет назад

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons

CVE-2021-45268

CVSS3: 8.8

debian

около 4 лет назад

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...

EPSS

Процентиль: 63%

0.00449

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352