Описание
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
EPSS
Процентиль: 91%
0.07211
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 6.8
github
больше 1 года назад
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
EPSS
Процентиль: 91%
0.07211
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94