Описание
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.1 (включая)
cpe:2.3:a:typesettercms:typesetter:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.41166
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
EPSS
Процентиль: 97%
0.41166
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434