exploitDog

CVE-2019-11401

Опубликовано: 22 апр. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

Ссылки

https://github.com/siteserver/cms/issues/1858
Exploit
Third Party Advisory
https://github.com/siteserver/cms/issues/1858
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siteserver:siteserver_cms:6.9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02331

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-ff4w-8chr-w2x9

CVSS3: 7.2

github

больше 3 лет назад

SiteServer CMS RCE via unsafe file upload

EPSS

Процентиль: 85%

0.02331

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434