GHSA-q263-j3q9-g964

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.2

Описание

October CMS PHP Code Execution

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2017-1000119
http://octobercms.com/support/article/rn-8
http://packetstormsecurity.com/files/154390/October-CMS-Upload-Protection-Bypass-Code-Execution.html

Пакеты

Наименование

october/cms

composer

Затронутые версииВерсия исправления

<= 1.0.412

Отсутствует

EPSS

Процентиль: 99%

0.76231

Высокий

7.2 High

CVSS3

CVE ID

CVE-2017-1000119

Дефекты

CWE-434

Связанные уязвимости

CVE-2017-1000119

CVSS3: 7.2

nvd

больше 8 лет назад

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

EPSS

Процентиль: 99%

0.76231

Высокий

7.2 High

CVSS3

CVE ID

CVE-2017-1000119

Дефекты

CWE-434