Описание
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.1 (включая)
cpe:2.3:a:reputeinfosystems:repute_arforms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00852
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
EPSS
Процентиль: 74%
0.00852
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-20