Описание
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP file.
EPSS
Процентиль: 32%
0.00125
Низкий
10 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 10
github
больше 1 года назад
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file.
EPSS
Процентиль: 32%
0.00125
Низкий
10 Critical
CVSS3
Дефекты
CWE-94