exploitDog

CVE-2021-45411

Опубликовано: 12 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

Ссылки

https://www.exploit-db.com/exploits/49877
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html
Third Party Advisory
https://www.exploit-db.com/exploits/49877
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:printable_staff_id_card_creator_system_project:printable_staff_id_card_creator_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03206

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-v5w5-94cp-92wr

github

около 4 лет назад

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

EPSS

Процентиль: 87%

0.03206

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434