CVE-2016-4862

Опубликовано: 20 апр. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

Ссылки

http://jvn.jp/en/jp/JVN55389065/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html
Third Party Advisory
VDB Entry
http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92992
Third Party Advisory
VDB Entry
http://jvn.jp/en/jp/JVN55389065/index.html
Third Party Advisory
VDB Entry
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000157.html
Third Party Advisory
VDB Entry
http://tips.cs-cart.jp/fix-twigmo-vulnerability-20160914.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92992
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cs-cart:cs-cart:*:*:*:*:*:*:*:*

Версия до 4.3.9 (включая)

cpe:2.3:a:cs-cart:cs-cart:*:*:*:*:marketplace:*:*:*

Версия до 4.3.9 (включая)

EPSS

Процентиль: 85%

0.02432

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-w5gj-ccxg-c83p