Описание
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:bj_sintay:sitex:0.7.3:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00702
Низкий
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
EPSS
Процентиль: 72%
0.00702
Низкий
7.5 High
CVSS2
Дефекты
CWE-20