Описание
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.
Ссылки
- Product
- Product
- ExploitThird Party Advisory
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:apprain:apprain:4.0.5:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.0041
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
около 2 месяцев назад
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.
EPSS
Процентиль: 61%
0.0041
Низкий
8.8 High
CVSS3
Дефекты
CWE-434