exploitDog

CVE-2023-27507

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

Ссылки

https://jvn.jp/en/jp/JVN31701509/
Third Party Advisory
https://microengine.jp/information/security_2023_05.html
Vendor Advisory
https://jvn.jp/en/jp/JVN31701509/
Third Party Advisory
https://microengine.jp/information/security_2023_05.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microengine:mailform:*:*:*:*:*:*:*:*

Версия от 1.1.0 (включая) до 1.1.9 (исключая)

EPSS

Процентиль: 81%

0.01478

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-x7vg-mx5p-974m

CVSS3: 9.8

github

больше 2 лет назад

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

EPSS

Процентиль: 81%

0.01478

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22