Описание
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:snipeitapp:snipe-it:6.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00407
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
debian
около 3 лет назад
An arbitrary file upload vulnerability in the Select User function und ...
CVSS3: 4.8
github
около 3 лет назад
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
EPSS
Процентиль: 60%
0.00407
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79