Описание
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
EPSS
Процентиль: 47%
0.00244
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-98
Связанные уязвимости
CVSS3: 9.8
github
11 дней назад
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
EPSS
Процентиль: 47%
0.00244
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-98