Описание
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
Ссылки
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
- Product
- ExploitIssue TrackingThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ujcms:ujcms:8.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03611
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-290
CWE-290
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
EPSS
Процентиль: 87%
0.03611
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-290
CWE-290