Описание
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
Ссылки
- Exploit
- Exploit
- ExploitVendor Advisory
- Exploit
- Exploit
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ecardmax.com:hot_editor:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mybb:mybb_hot_editor_plugin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.15589
Средний
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
EPSS
Процентиль: 94%
0.15589
Средний
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other