Описание
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2015-05-14 (включая)
cpe:2.3:a:lulucms:lulu_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00237
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.
EPSS
Процентиль: 46%
0.00237
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-434