exploitDog

CVE-2022-30007

Опубликовано: 17 мая 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.

Ссылки

https://github.com/ZackSecurity/VulnerReport/blob/cve/gxcms/1.md
https://github.com/breezety/gxcms15/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://github.com/ZackSecurity/VulnerReport/blob/cve/gxcms/1.md
https://github.com/breezety/gxcms15/issues/1
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gxcms_project:gxcms:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00378

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-94q5-cf9v-236j

CVSS3: 7.2

github

больше 3 лет назад

GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file, after calling PHP file can control the server.

EPSS

Процентиль: 59%

0.00378

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434