exploitDog

CVE-2023-45554

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.

Ссылки

https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md
Exploit
Third Party Advisory
https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zzzcms:zzzcms:2.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.1015

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-4xxx-xjp2-284m

CVSS3: 9.8

github

больше 2 лет назад

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.

EPSS

Процентиль: 93%

0.1015

Средний

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434