Описание
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phpbb:module_xs:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:phpbb:module_xs:2.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.0086
Низкий
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
EPSS
Процентиль: 75%
0.0086
Низкий
7.5 High
CVSS2
Дефекты
CWE-22