Описание
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01318
Низкий
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
EPSS
Процентиль: 80%
0.01318
Низкий
7.5 High
CVSS2
Дефекты
CWE-94