Description
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.
References
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sourcefabric:newscoop:4.4.7:*:*:*:*:*:*:*
EPSS: 0.0007 (percentile: 22%), Low
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-434
Related vulnerabilities
github
more than 3 years ago
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.