Описание
6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:6shr_system_project:6shr_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01928
Низкий
8.8 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 1 года назад
6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
EPSS
Процентиль: 83%
0.01928
Низкий
8.8 High
CVSS3
Дефекты
CWE-434