Описание
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
Ссылки
- ExploitThird Party Advisory
- https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.pyExploitThird Party Advisory
- Product
- ExploitThird Party Advisory
- https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.pyExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:projectworlds:car_rental_project:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03387
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
EPSS
Процентиль: 87%
0.03387
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434