Описание
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:quadbase:espressdashboard:7.0:update9:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00669
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-829
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
EPSS
Процентиль: 71%
0.00669
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-829