Описание
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:redirection:redirection:2.7.3:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00958
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
EPSS
Процентиль: 76%
0.00958
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-601