Описание
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:testzentrum-odw:testerfassung:2021-03:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.
EPSS
Процентиль: 54%
0.0031
Низкий
8.1 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78