exploitDog

CVE-2019-9662

Опубликовано: 11 мар. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.

Ссылки

https://github.com/jetiben/jtbc/issues/9
Exploit
Third Party Advisory
https://github.com/jetiben/jtbc/issues/9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jtbc:jtbc_php:3.0.1.8:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00332

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-6344-7cjx-cf3p

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.

EPSS

Процентиль: 56%

0.00332

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22