Описание
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
Ссылки
- Release NotesVendor Advisory
- Permissions RequiredThird Party Advisory
- Release NotesVendor Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.5.5 (включая)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00681
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
EPSS
Процентиль: 71%
0.00681
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-502