CVE-2021-28428

Опубликовано: 05 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.

Ссылки

https://github.com/ttimot24/HorizontCMS
Product
https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838
Patch
Third Party Advisory
https://github.com/ttimot24/HorizontCMS
Product
https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:-:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha7:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:alpha8:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:horizontcms_project:horizontcms:1.0.0:beta2:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-cm95-9q8x-72h6