Описание
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
EPSS
Процентиль: 98%
0.62552
Средний
Дефекты
CWE-78
Связанные уязвимости
github
6 месяцев назад
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
EPSS
Процентиль: 98%
0.62552
Средний
Дефекты
CWE-78