Описание
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1_rc3 (включая)Версия до 1.2.5_dev (включая)
Одно из
cpe:2.3:a:oliver_georgi:phpwcms:*:*:*:*:*:*:*:*
cpe:2.3:a:oliver_georgi:phpwcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03765
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
EPSS
Процентиль: 88%
0.03765
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other