Description
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with a system command execution payload to compromise the web application and execute arbitrary system commands.
References
- Product
- Exploit, Third Party Advisory
- https://www.vulncheck.com/advisories/sitemagiccms-remote-code-execution-via-unrestricted-file-upload (Third Party Advisory)
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sitemagic:sitemagic_cms:4.4.3:*:*:*:*:*:*:*
EPSS: 0.0038 (Low), percentile: 59%
CVSS3: 9.8 Critical
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
about 2 months ago
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with a system command execution payload to compromise the web application and execute arbitrary system commands.