exploitDog

CVE-2018-17934

Опубликовано: 27 нояб. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*

Версия до 3.3 (включая)

EPSS

Процентиль: 99%

0.67751

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-739w-mv2p-wgxh

CVSS3: 9.8

github

больше 3 лет назад

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.

EPSS

Процентиль: 99%

0.67751

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-22