CVE-2022-27256

Опубликовано: 13 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

Ссылки

https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a
Patch
Third Party Advisory
https://hubzilla.org/channel/hubzilla/
Release Notes
Vendor Advisory
https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a
Patch
Third Party Advisory
https://hubzilla.org/channel/hubzilla/
Release Notes
Vendor Advisory
https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hubzilla:hubzilla:*:*:*:*:*:*:*:*

Версия до 7.2 (исключая)

EPSS

Процентиль: 66%

0.00503

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-hvpp-qrxv-c9g3