Описание
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:magnolia:ce:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:magnolia:ce:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:magnolia:ce:3.5.3:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00234
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
EPSS
Процентиль: 46%
0.00234
Низкий
5 Medium
CVSS2
Дефекты
CWE-264