Description
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
References
Vulnerable configurations
Configuration 1: versions up to 1.83 (inclusive)
cpe:2.3:a:xcms:xcms:*:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.05793
Low
7.5 High
CVSS2
Weaknesses
CWE-94
Related vulnerabilities
github
almost 4 years ago
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
EPSS
Percentile: 90%
0.05793
Low
7.5 High
CVSS2
Weaknesses
CWE-94