Описание
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
Ссылки
- Broken LinkExploit
- Broken Link
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkExploit
- Broken Link
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:midicart:midicart_php:-:*:*:*:*:*:*:*
cpe:2.3:a:midicart:midicart_php_maxi:-:*:*:*:*:*:*:*
cpe:2.3:a:midicart:midicart_php_plus:-:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.06104
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-425
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
EPSS
Процентиль: 90%
0.06104
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-425