exploitDog

GHSA-m3pw-v6h8-2463

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

Ссылки

EPSS

Процентиль: 95%

0.21186

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2021-3164

CVSS3: 8.8

nvd

около 5 лет назад

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.

EPSS

Процентиль: 95%

0.21186

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434