Описание
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.1 (включая)
cpe:2.3:a:1-script:1-book:*:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03211
Низкий
10 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
EPSS
Процентиль: 87%
0.03211
Низкий
10 Critical
CVSS2
Дефекты
CWE-94