exploitDog

GHSA-vpcq-h894-5962

Опубликовано: 28 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

Ссылки

EPSS

Процентиль: 83%

0.01844

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2023-50692

CVSS3: 8.8

nvd

около 2 лет назад

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

EPSS

Процентиль: 83%

0.01844

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434