exploitDog

CVE-2019-10015

Опубликовано: 24 мар. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.

Ссылки

https://github.com/baigoStudio/baigoSSO/issues/12
Third Party Advisory
https://github.com/baigoStudio/baigoSSO/issues/12
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:baigo:baigo_sso:3.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00805

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-v2p2-mj8c-jjfr

CVSS3: 7.2

github

больше 3 лет назад

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.

EPSS

Процентиль: 74%

0.00805

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94