exploitDog

CVE-2017-6823

Опубликовано: 12 мар. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.

Ссылки

http://rungga.blogspot.co.id/2017/03/privilege-escalation-manipulation-of.html
Third Party Advisory
http://www.securityfocus.com/bid/96889
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41594/
Third Party Advisory
VDB Entry
http://rungga.blogspot.co.id/2017/03/privilege-escalation-manipulation-of.html
Third Party Advisory
http://www.securityfocus.com/bid/96889
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41594/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fiyo:fiyo_cms:2.0.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06845

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-294

Связанные уязвимости

GHSA-3pwp-6v4c-x7pg

CVSS3: 8.8

github

больше 3 лет назад

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.

EPSS

Процентиль: 91%

0.06845

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-294