Описание
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
Ссылки
- Product
- Release Notes
- ExploitThird Party Advisory
- Product
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:popojicms:popojicms:2.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00583
Низкий
7.2 High
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 7.2
github
около 2 месяцев назад
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
EPSS
Процентиль: 68%
0.00583
Низкий
7.2 High
CVSS3
Дефекты
CWE-94