Описание
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:inxedu:inxedu:2.0.6:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01585
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
EPSS
Процентиль: 81%
0.01585
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434