Описание
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
Комментарий
Attacker must have administrative access
In order to exploit this vulnerability to execute arbitrary code, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file.
Ссылки
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
EPSS
6.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
EPSS
6.3 Medium
CVSS2