exploitDog

GHSA-pf7h-2j4w-49wx

Опубликовано: 14 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.

Ссылки

EPSS

Процентиль: 93%

0.11364

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-43741

CVSS3: 9.8

nvd

почти 4 года назад

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.

EPSS

Процентиль: 93%

0.11364

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-22