CVE-2018-19422

Опубликовано: 21 нояб. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Высокий

Описание

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

Ссылки

http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html
https://github.com/intelliants/subrion/issues/801
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html
https://github.com/intelliants/subrion/issues/801
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:intelliants:subrion_cms:4.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.86014

Высокий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-73xj-v6gc-g5p5