Описание
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:joomla:joomla\!:3.9.7:-:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.9.7:rc:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.9.8:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00453
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
EPSS
Процентиль: 63%
0.00453
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo