Описание
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.8 (включая)
cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11204
Средний
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
EPSS
Процентиль: 93%
0.11204
Средний
7.5 High
CVSS2
Дефекты
CWE-20