exploitDog

CVE-2019-7234

Опубликовано: 30 янв. 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.

Ссылки

https://github.com/idreamsoft/iCMS/issues/51
Exploit
Third Party Advisory
https://github.com/idreamsoft/iCMS/issues/51
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:idreamsoft:icms:7.0.13:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01237

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7pf2-j67p-qhmh

CVSS3: 9.1

github

больше 3 лет назад

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.

EPSS

Процентиль: 79%

0.01237

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22