Описание
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:os4ed:opensis:7.4:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10783
Средний
10 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-96
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.
EPSS
Процентиль: 93%
0.10783
Средний
10 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-96
CWE-94