CVE-2016-10131

Опубликовано: 12 янв. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

Ссылки

http://www.securityfocus.com/bid/96851
https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36
Third Party Advisory
https://github.com/bcit-ci/CodeIgniter/issues/4963
Patch
https://github.com/bcit-ci/CodeIgniter/pull/4966
Patch
http://www.securityfocus.com/bid/96851
https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36
Third Party Advisory
https://github.com/bcit-ci/CodeIgniter/issues/4963
Patch
https://github.com/bcit-ci/CodeIgniter/pull/4966
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

Версия до 3.1.2 (включая)

EPSS

Процентиль: 87%

0.03122

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2016-10131

CVSS3: 9.8

debian

около 9 лет назад

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...

GHSA-2pcj-76hj-xqhm

CVSS3: 9.8

github

больше 3 лет назад

CodeIgniter arbitrary code execution

EPSS

Процентиль: 87%

0.03122

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74