Описание
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.
Ссылки
- ExploitIssue Tracking
- ExploitIssue Tracking
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.05053
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.
EPSS
Процентиль: 89%
0.05053
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434