exploitDog

CVE-2022-24652

Опубликовано: 10 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload.

Ссылки

https://blog.hanayuzu.top/articles/37dacab4.html
Exploit
Third Party Advisory
https://blog.hanayuzu.top/articles/37dacab4.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sentcms:sentcms:4.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02647

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-wvc7-f9mq-qwhr

CVSS3: 9.8

github

почти 4 года назад

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload.

EPSS

Процентиль: 85%

0.02647

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434