exploitDog

CVE-2017-15639

Опубликовано: 19 окт. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.

Ссылки

http://www.getmura.com/blog/critical-security-update-for-mura-cms-version-6-1-and-earlier/
Vendor Advisory
http://www.securityfocus.com/bid/101603
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43045/
Exploit
Third Party Advisory
VDB Entry
http://www.getmura.com/blog/critical-security-update-for-mura-cms-version-6-1-and-earlier/
Vendor Advisory
http://www.securityfocus.com/bid/101603
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43045/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getmura:mura_cms:*:*:*:*:*:*:*:*

Версия до 6.1 (включая)

EPSS

Процентиль: 89%

0.04241

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-vv97-384q-3f76

CVSS3: 6.5

github

больше 3 лет назад

tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.

EPSS

Процентиль: 89%

0.04241

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611