Описание
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:damicms:damicms:6.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02151
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
EPSS
Процентиль: 84%
0.02151
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20