exploitDog

CVE-2020-28672

Опубликовано: 07 янв. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.

Ссылки

https://github.com/fortest-1/vuln/blob/main/MonoCMS%20Blog/MonoCMS%20Blog%201.0_remote_code_execution.md
Exploit
Third Party Advisory
https://github.com/fortest-1/vuln/blob/main/MonoCMS%20Blog/MonoCMS%20Blog%201.0_remote_code_execution.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:monocms:monocms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05872

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-pgm3-3759-c76g

github

больше 3 лет назад

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE.

EPSS

Процентиль: 90%

0.05872

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo