Описание
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Ссылки
- ExploitThird Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 8.04 (включая)
cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02684
Низкий
8.8 High
CVSS3
Дефекты
CWE-24
Связанные уязвимости
CVSS3: 8.8
github
6 месяцев назад
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
EPSS
Процентиль: 85%
0.02684
Низкий
8.8 High
CVSS3
Дефекты
CWE-24