exploitDog

CVE-2020-19891

Published: 24 Aug 2020
Source: nvd
CVSS3: 7.2
CVSS2: 6.5
EPSS Low

Description

DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.

Vulnerable configurations

Configuration 1
cpe:2.3:a:dbhcms_project:dbhcms:1.2.0:*:*:*:*:*:*:*

EPSS

Percentile: 73%
0.00795
Low

7.2 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-787

Related vulnerabilities

github
more than 3 years ago

DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymce_content'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell.
