exploitDog

CVE-2019-9651

Опубликовано: 11 мар. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.

Ссылки

http://www.iwantacve.cn/index.php/archives/155/
Exploit
Third Party Advisory
http://www.iwantacve.cn/index.php/archives/155/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sdcms:sdcms:1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01201

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-w635-v6rj-h657

CVSS3: 9.8

github

больше 3 лет назад

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.

EPSS

Процентиль: 78%

0.01201

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94