Описание
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
Ссылки
- Broken LinkURL Repurposed
- Broken LinkURL Repurposed
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpcms_project:phpcms:9.6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00763
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
EPSS
Процентиль: 73%
0.00763
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94