CVE-2018-1000527

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.

Ссылки

https://0dd.zone/2018/05/31/Froxlor-Object-Injection/
Third Party Advisory
https://github.com/Froxlor/Froxlor/issues/555
Third Party Advisory
https://0dd.zone/2018/05/31/Froxlor-Object-Injection/
Third Party Advisory
https://github.com/Froxlor/Froxlor/issues/555
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

Версия до 0.9.39.5 (включая)

EPSS

Процентиль: 85%

0.02568

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2018-1000527

CVSS3: 7.2

debian

больше 7 лет назад

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerabil ...

GHSA-g77v-m226-3f7g

CVSS3: 7.2

github

больше 3 лет назад

Froxlor PHP Object Injection vulnerability

EPSS

Процентиль: 85%

0.02568

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502