Описание
Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.8 (включая)
cpe:2.3:a:myblog:myblog:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00973
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
EPSS
Процентиль: 76%
0.00973
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other