Описание
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
EPSS
Процентиль: 23%
0.00076
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 6.5
github
10 дней назад
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
EPSS
Процентиль: 23%
0.00076
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-434