Описание
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zomplog:zomplog:3.7.6:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07287
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
EPSS
Процентиль: 91%
0.07287
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other