Description
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:cszcms:csz_cms:1.2.9:*:*:*:*:*:*:*
EPSS: 0.00289 (Low), percentile: 52%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-706
Related vulnerabilities
github
more than 3 years ago
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVSS3: 6.3
fstec
more than 4 years ago
Vulnerability in the unlink() function of the CSZ CMS content management system that allows an attacker to delete arbitrary files