CVE-2022-36261

Опубликовано: 23 авг. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

Ссылки

https://github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md
Exploit
Third Party Advisory
https://github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md?by=xboy%28topsec%29
https://github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md
Exploit
Third Party Advisory
https://github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md?by=xboy%28topsec%29

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taogogo:taocms:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00844

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-88fv-rgr4-4rv7