Описание
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
Ссылки
- Vendor Advisory
- ProductThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
- ProductThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jpress:jpress:4.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00776
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
около 4 лет назад
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
EPSS
Процентиль: 73%
0.00776
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94