exploitDog

CVE-2024-31008

Опубликовано: 03 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.

Ссылки

https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0-Captcha%20bypass%20%28logic%20vulnerability%29.md
Exploit
Third Party Advisory
https://github.com/majic-banana/vulnerability/blob/main/POC/WUZHICMS4.1.0-Captcha%20bypass%20%28logic%20vulnerability%29.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

GHSA-wjf7-jjrj-rw8w

CVSS3: 6.5

github

почти 2 года назад

An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-290