exploitDog

CVE-2023-25759

Опубликовано: 19 апр. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 5.3

EPSS Низкий

Описание

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.

Ссылки

https://tripleplay.tv
Product
https://tripleplay.tv/wp-content/uploads/2023/03/CVE-2023-25759-Summary.pdf
Vendor Advisory
https://tripleplay.tv
Product
https://tripleplay.tv/wp-content/uploads/2023/03/CVE-2023-25759-Summary.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uniguest:tripleplay:3.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01169

Низкий

5.4 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-8495-rrmx-69vf

CVSS3: 5.4

github

почти 3 года назад

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.

EPSS

Процентиль: 78%

0.01169

Низкий

5.4 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-78

CWE-78