Описание
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:simplemedia:simplebbs:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:simplemedia:simplebbs:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.14804
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
EPSS
Процентиль: 94%
0.14804
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other