Описание
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
Ссылки
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jpress:jpress:4.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02443
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
около 4 лет назад
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.
EPSS
Процентиль: 85%
0.02443
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434