GHSA-m87h-jxr6-f82w

Published: 17 Nov 2023
Source: github
Github: Reviewed

Description

Concrete CMS allows unauthorized access because directories can be created with insecure permissions

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
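
An added example (not part of the advisory or of Concrete CMS): a POSIX shell audit that lists directories under an install path that are group- or world-writable, which is how a mode above 0755 such as 0775 or 0777 shows up on disk, plus a step that removes those write bits. The function names and passing the install path as the first argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Concrete CMS install (or any web root) for
# directories whose mode grants write access beyond the owner.
# Function names and the path argument are assumptions of this example.

# list_loose_dirs ROOT
# Print, sorted, every directory under ROOT that has the group-write (020)
# or other-write (002) bit set. 0755 and tighter modes are not reported.
list_loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sort
}

# count_loose_dirs ROOT
# Print the number of directories list_loose_dirs would report.
count_loose_dirs() {
    list_loose_dirs "$1" | wc -l | tr -d ' '
}

# tighten_loose_dirs ROOT
# Remove group and other write permission from the flagged directories
# only; files and already-tight directories are left untouched.
tighten_loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# When called with a path, run the read-only audit and report the total.
if [ "$#" -gt 0 ]; then
    list_loose_dirs "$1"
    echo "directories writable by group or others: $(count_loose_dirs "$1")"
fi
```

Review the listed paths before running `tighten_loose_dirs`: a deployment where the web server writes through group membership depends on the group-write bit for its upload and cache directories.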

Packages

Name: concrete5/concrete5 (composer)
Affected versions: < 8.5.13
Fixed version: 8.5.13

Name: concrete5/concrete5 (composer)
Affected versions: >= 9.0.0, < 9.2.2
Fixed version: 9.2.2

EPSS

Percentile: 72%
0.00729
Low

Related vulnerabilities

CVSS3: 9.8
nvd
about 2 years ago

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
