Описание
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
Ссылки
- ExploitPatchVendor Advisory
- Vendor Advisory
- ExploitPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.5 (включая)
cpe:2.3:a:xhp:cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08846
Низкий
9 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
EPSS
Процентиль: 92%
0.08846
Низкий
9 Critical
CVSS2
Дефекты
CWE-94