Описание
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
Уязвимые конфигурации
Конфигурация 1Версия до 1.1 (включая)
Одно из
cpe:2.3:a:podcast_generator:podcast_generator:*:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.6:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.8:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.9:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.81:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.91:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.92:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.93:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.94:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.95:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.96:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta3:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta4:*:*:*:*:*:*:*
cpe:2.3:a:podcast_generator:podcast_generator:1.0_beta4a:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02164
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
EPSS
Процентиль: 84%
0.02164
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94