exploitDog

CVE-2020-28692

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.

Ссылки

https://github.com/jkana/Gila-CMS-1.16.0-shell-upload
Exploit
Third Party Advisory
https://github.com/jkana/Gila-CMS-1.16.0-shell-upload
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gilacms:gila_cms:1.16.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00451

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-xhcm-8344-w8gw

github

больше 3 лет назад

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.

EPSS

Процентиль: 63%

0.00451

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434