Описание
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.
Ссылки
- Third Party Advisory
- Product
- Exploit
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kalyan02:nanocms:0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
25 дней назад
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper input sanitization.
EPSS
Процентиль: 51%
0.0028
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
CWE-434