exploitDog

CVE-2021-42675

Опубликовано: 14 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Ссылки

http://kreado.com
Vendor Advisory
http://kreasfero.com
Vendor Advisory
https://twitter.com/1ofThegutHakrs/status/1536246485188128768
Exploit
Third Party Advisory
http://kreado.com
Vendor Advisory
http://kreasfero.com
Vendor Advisory
https://twitter.com/1ofThegutHakrs/status/1536246485188128768
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kreado:kreasfero:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04185

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-g537-p229-pg3g

CVSS3: 9.8

github

больше 3 лет назад

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

EPSS

Процентиль: 88%

0.04185

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434