Описание
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ProductThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ProductThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:maracms:maracms:7.5:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.77043
Высокий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
EPSS
Процентиль: 99%
0.77043
Высокий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434