exploitDog

CVE-2021-27817

Опубликовано: 15 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.

Ссылки

https://github.com/gongfuxiang/shopxo
Product
https://github.com/h4ckdepy/vuls/blob/main/shopxo.md
Broken Link
https://github.com/gongfuxiang/shopxo
Product
https://github.com/h4ckdepy/vuls/blob/main/shopxo.md
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopxo:shopxo:1.9.3:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01304

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-xx77-w6p5-xvmj

CVSS3: 9.8

github

около 3 лет назад

ShopXO RCE Vulnerability

EPSS

Процентиль: 79%

0.01304

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434