GHSA-gmg5-f2gm-p3h7

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Bolt Unrestricted Upload of File with Dangerous Type

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.

Ссылки

Пакеты

Наименование

bolt/bolt

composer

Затронутые версииВерсия исправления

< 3.6.5

3.6.5

EPSS

Процентиль: 77%

0.01035

Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-9185

Дефекты

CWE-434

Связанные уязвимости

CVE-2019-9185

CVSS3: 8.8

nvd

почти 7 лет назад

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.

CVE-2019-9185

CVSS3: 8.8

msrc

4 месяца назад

Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke

EPSS

Процентиль: 77%

0.01035

Низкий

8.8 High

CVSS3

CVE ID

CVE-2019-9185

Дефекты

CWE-434