Описание
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
EPSS
Процентиль: 68%
0.00556
Низкий
Дефекты
CWE-434
Связанные уязвимости
github
около 2 месяцев назад
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
EPSS
Процентиль: 68%
0.00556
Низкий
Дефекты
CWE-434