exploitDog

GHSA-xhg7-3m9v-pjfp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

Ссылки

EPSS

Процентиль: 85%

0.02545

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-668

Связанные уязвимости

CVE-2020-9381

CVSS3: 7.5

nvd

почти 6 лет назад

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

EPSS

Процентиль: 85%

0.02545

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-668