Описание
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.
Уязвимые конфигурации
Конфигурация 1Версия до 3.4 (включая)
cpe:2.3:a:artmedic_webdesign:artmedic_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03009
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.
EPSS
Процентиль: 86%
0.03009
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94