exploitDog

CVE-2018-1000811

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.

Ссылки

https://github.com/bludit/bludit/issues/812
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46060/
Third Party Advisory
VDB Entry
https://github.com/bludit/bludit/issues/812
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46060/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bludit:bludit:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.11864

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-9jpg-hmw8-9rx6

CVSS3: 8.8

github

больше 3 лет назад

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.

EPSS

Процентиль: 94%

0.11864

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434