Описание
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jessgramp:minicms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:jessgramp:minicms:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02651
Низкий
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
EPSS
Процентиль: 85%
0.02651
Низкий
7.5 High
CVSS2
Дефекты
CWE-94