Description
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
References
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: Version before 2.4.0 (excluding)
cpe:2.3:a:combodo:teemip:*:*:*:*:*:*:*:*
EPSS
Percentile: 95%
0.18606
Medium
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.