exploitDog

GHSA-xjxr-9f3w-9hc2

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution.

Prima Systems FlexAir devices allow Unauthenticated Command Injection resulting in Root Remote Code Execution.

Ссылки

EPSS

Процентиль: 97%

0.39516

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2019-7669

CVSS3: 8.8

nvd

больше 6 лет назад

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges.

EPSS

Процентиль: 97%

0.39516

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434