Описание
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:myphpim:myphpim:01.05:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01414
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
EPSS
Процентиль: 80%
0.01414
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other