exploitDog

CVE-2023-36212

Опубликовано: 03 авг. 2023

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.

Ссылки

https://github.com/capture0x/Total-CMS-EXPLOIT/
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/172687/Total-CMS-1.7.4-Shell-Upload.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/51500
Third Party Advisory
VDB Entry
https://github.com/capture0x/Total-CMS-EXPLOIT/
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/172687/Total-CMS-1.7.4-Shell-Upload.html
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/51500
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:totalcms:total_cms:1.7.4:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.46159

Средний

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-89wh-c5hj-jpf2

CVSS3: 8.8

github

больше 2 лет назад

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.

EPSS

Процентиль: 98%

0.46159

Средний

8.8 High

CVSS3

Дефекты

CWE-434