Описание
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
Ссылки
- ExploitPatchThird Party Advisory
- PatchVendor Advisory
- ExploitPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.6 (включая)
cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.01028
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
EPSS
Процентиль: 76%
0.01028
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434