Описание
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
Ссылки
- URL Repurposed
- PatchVendor Advisory
- URL Repurposed
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.3.02 (включая)
Одно из
cpe:2.3:a:redgraphic:sapid_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:redgraphic:sapid_cms:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc3:*:*:*:*:*:*
cpe:2.3:a:redgraphic:sapid_cms:1.2.3:rc5:*:*:*:*:*:*
cpe:2.3:a:redgraphic:sapid_cms:1.2.3:stable:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00978
Низкий
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
EPSS
Процентиль: 76%
0.00978
Низкий
7.5 High
CVSS2
Дефекты
CWE-287