Описание
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gravity_board_x_development_team:gravity_board_x:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03149
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
EPSS
Процентиль: 87%
0.03149
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other