Описание
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
Ссылки
- ExploitIssue TrackingVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:exponentcms:exponent_cms:2.6.0:patch2:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04582
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
почти 4 года назад
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.
EPSS
Процентиль: 89%
0.04582
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434