Описание
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.42 (включая)
Одно из
cpe:2.3:a:adodb_lite:adodb_lite:*:*:*:*:*:*:*:*
cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*
cpe:2.3:a:journalness:journalness:*:*:*:*:*:*:*:*
cpe:2.3:a:open-realty:open-realty:*:*:*:*:*:*:*:*
cpe:2.3:a:pacercms:pacercms:*:*:*:*:*:*:*:*
cpe:2.3:a:sapid:sapid_cmf:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.81715
Высокий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
EPSS
Процентиль: 99%
0.81715
Высокий
6.8 Medium
CVSS2
Дефекты
CWE-94