Описание
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
Уязвимые конфигурации
Конфигурация 1Версия до 1.1 (включая)
Одно из
cpe:2.3:a:podcast_generator:podcast_generator:*:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.6:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.8:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.9:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.81:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.91:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.92:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.93:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.94:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.95:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.96:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta3:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta4:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta4a:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03674
Низкий
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
EPSS
Процентиль: 88%
0.03674
Низкий
7.5 High
CVSS2
Дефекты
CWE-264