Описание
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.
Ссылки
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jpress:jpress:4.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00452
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
около 4 лет назад
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.
EPSS
Процентиль: 63%
0.00452
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434