exploitDog

CVE-2017-5214

Опубликовано: 17 мая 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.

Ссылки

https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt
Exploit
Third Party Advisory
https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codextrous:b2j_contact:*:*:*:*:*:joomla\!:*:*

Версия до 2.1.12 (включая)

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-335

Связанные уязвимости

GHSA-993v-35ff-ppxj

CVSS3: 7.5

github

больше 3 лет назад

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-335