Description
A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.
References
- Exploit, Issue Tracking, Vendor Advisory
- Permissions Required, Third Party Advisory
- Permissions Required, Third Party Advisory
- Exploit, Issue Tracking, Vendor Advisory
- Permissions Required, Third Party Advisory
- Permissions Required, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.0.3
cpe:2.3:a:xzjie_cms_project:xzjie_cms:*:*:*:*:*:*:*:*
EPSS: 0.00201 (percentile: 42%, Low)
CVSS3: 6.3 Medium
CVSS3: 9.8 Critical
CVSS2: 6.5 Medium
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
almost 3 years ago
A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.