exploitDog

CVE-2023-27164

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

Ссылки

http://halo.com
Product
https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867
https://github.com/halo-dev/halo
Product
https://notes.sjtu.edu.cn/s/s5oEvs-p5
Exploit
Third Party Advisory
http://halo.com
Product
https://gist.github.com/b33t1e/a1a0d81b1173d0d00de8f4e7958dd867
https://github.com/halo-dev/halo
Product
https://notes.sjtu.edu.cn/s/s5oEvs-p5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:halo:halo:*:*:*:*:*:*:*:*

Версия до 1.6.1 (включая)

EPSS

Процентиль: 70%

0.00622

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-29h6-7mm5-5wf8

CVSS3: 4.8

github

около 3 лет назад

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

EPSS

Процентиль: 70%

0.00622

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-434