Описание
Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.
Комментарий
Hyperlink Record 1058675 indicates: "Successful exploitation of the vulnerability for executing arbitrary uploaded PHP code requires valid user credentials."
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kwsphp:kwsphp:1.3.456:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06136
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.
EPSS
Процентиль: 91%
0.06136
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22