Описание
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
Ссылки
- Patch
- Patch
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Patch
- Patch
- Patch
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:wimleers:cdn:6.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:cdn:7.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00592
Низкий
2.6 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 3 лет назад
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
EPSS
Процентиль: 68%
0.00592
Низкий
2.6 Low
CVSS2
Дефекты
CWE-200