Описание
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.2 (включая) до 3.4 (включая)
cpe:2.3:a:codersclub:discuz\!ml:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.43409
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).
EPSS
Процентиль: 97%
0.43409
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94