exploitDog

CVE-2020-23934

Опубликовано: 18 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section.

Ссылки

https://github.com/enesozeser/Vulnerabilities/blob/master/CVE-2020-23934
Third Party Advisory
https://www.exploit-db.com/exploits/48636
Exploit
Third Party Advisory
VDB Entry
https://github.com/enesozeser/Vulnerabilities/blob/master/CVE-2020-23934
Third Party Advisory
https://www.exploit-db.com/exploits/48636
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ritecms:ritecms:2.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.25912

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-p765-75xj-g7j6

github

больше 3 лет назад

An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section.

EPSS

Процентиль: 96%

0.25912

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78