exploitDog

CVE-2021-27556

Опубликовано: 31 авг. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

Ссылки

https://privasec.com/blog/zentao-cms-a-monkeys-journey-to-priv-esc-remote-code-execution/
Exploit
Third Party Advisory
https://privasec.com/blog/zentao-cms-a-monkeys-journey-to-priv-esc-remote-code-execution/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easycorp:zentao:12.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.0713

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-w72j-vh4j-rfc3

github

больше 3 лет назад

The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.

EPSS

Процентиль: 91%

0.0713

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78