Описание
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpcms:phpcms:2008:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.84845
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
EPSS
Процентиль: 99%
0.84845
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94