Описание
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
Ссылки
- Broken Link
- ExploitThird Party Advisory
- Broken Link
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cmsimple:cmsimple:5.4:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11364
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
EPSS
Процентиль: 93%
0.11364
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22