Описание
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
Ссылки
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.13:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01856
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
EPSS
Процентиль: 83%
0.01856
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-434