CVE-2021-45268

Опубликовано: 03 фев. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons

Ссылки

https://github.com/V1n1v131r4/CSRF-to-RCE-on-Backdrop-CMS
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50323
Third Party Advisory
VDB Entry
https://github.com/V1n1v131r4/CSRF-to-RCE-on-Backdrop-CMS
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50323
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:backdropcms:backdrop:1.20.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00449

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-45268

CVSS3: 8.8

debian

около 4 лет назад

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...

GHSA-cxfw-78g3-3grg

CVSS3: 8.8

github

почти 4 года назад

EPSS

Процентиль: 63%

0.00449

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352