CVE-2009-1463

Опубликовано: 28 апр. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file.

Ссылки

http://marc.info/?l=full-disclosure&m=123990481506680&w=2
Exploit
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
Exploit
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/34566
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50359
http://marc.info/?l=full-disclosure&m=123990481506680&w=2
Exploit
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
Exploit
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/34566
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50359

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*

Версия до 0.3 (включая)

cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*

cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00725

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-8xjh-fhmf-89q3

github

почти 4 года назад