CVE-2013-3631

Опубликовано: 02 нояб. 2013

Источник: nvd

CVSS2: 6

EPSS Средний

Описание

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Ссылки

http://www.kb.cert.org/vuls/id/326830
US Government Resource
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Exploit
http://www.kb.cert.org/vuls/id/326830
US Government Resource
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nas4free:nas4free:*:*:*:*:*:*:*:*

Версия до 9.1.0.1.804 (включая)

cpe:2.3:a:nas4free:nas4free:9.1.0.1.798:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.49365

Средний

6 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-vc2c-9gp5-2p2q

github

больше 3 лет назад