CVE-2022-27257

Опубликовано: 15 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

Ссылки

https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a
Patch
Release Notes
Third Party Advisory
https://hubzilla.org/channel/hubzilla/
Product
Release Notes
Vendor Advisory
https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a
Patch
Release Notes
Third Party Advisory
https://hubzilla.org/channel/hubzilla/
Product
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hubzilla:hubzilla:*:*:*:*:*:*:*:*

Версия до 7.2 (исключая)

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7p22-9f27-w6fq