Описание
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zomplog:zomplog:3.7:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.8:*:*:*:*:*:*:*
cpe:2.3:a:zomplog:zomplog:3.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12767
Средний
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
EPSS
Процентиль: 94%
0.12767
Средний
7.5 High
CVSS2
Дефекты
CWE-264