exploitDog

CVE-2020-26670

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.

Ссылки

https://www.exploit-db.com/exploits/48831
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/48831
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

Версия до 4.4.10 (включая)

EPSS

Процентиль: 83%

0.01944

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-97vm-rx4r-gj94

CVSS3: 8.8

github

больше 3 лет назад

A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.

EPSS

Процентиль: 83%

0.01944

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78