Описание
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.4 (включая)
cpe:2.3:a:worldlevel:le.cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04419
Низкий
10 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
EPSS
Процентиль: 89%
0.04419
Низкий
10 Critical
CVSS2
Дефекты
CWE-287