Описание
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cpcommerce:cpcommerce:1.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07052
Низкий
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
EPSS
Процентиль: 91%
0.07052
Низкий
7.5 High
CVSS2
Дефекты
CWE-22