Описание
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.
EPSS
Процентиль: 7%
0.00027
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-616
Связанные уязвимости
CVSS3: 5.4
github
6 месяцев назад
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.
EPSS
Процентиль: 7%
0.00027
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-616