Описание
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
Ссылки
- Release Notes
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Release Notes
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cmsmadesimple:cms_made_simple:2.1.6:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.42075
Средний
7.5 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
EPSS
Процентиль: 97%
0.42075
Средний
7.5 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-78