Описание
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jizhicms:jizhicms:1.9.5:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00177
Низкий
7.2 High
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
EPSS
Процентиль: 39%
0.00177
Низкий
7.2 High
CVSS3
Дефекты
CWE-552