Description
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked.
References
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2022-02-05 (excluding)
cpe:2.3:a:jqueryform:jqueryform:*:*:*:*:*:*:*:*
EPSS: 0.02427 (percentile: 85%, Low)
CVSS3: 9.8 Critical
CVSS2: 6.8 Medium
Weaknesses
CWE-434
Related vulnerabilities
github
almost 4 years ago
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked.