exploitDog

GHSA-xv5j-gfm8-3c7j

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

Ссылки

EPSS

Процентиль: 64%

0.00461

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-17341

CVSS3: 8.1

nvd

больше 7 лет назад

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

EPSS

Процентиль: 64%

0.00461

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-287