Описание
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.0 (включая) до 4.1.3 (включая)Версия от 5.0.0 (включая) до 5.1.5 (исключая)
Одно из
cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*
cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.77601
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
EPSS
Процентиль: 99%
0.77601
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434