Описание
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cmsmadesimple:file_manager:2.2.22:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00117
Низкий
7.2 High
CVSS3
3.8 Low
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 3.8
github
3 месяца назад
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.
EPSS
Процентиль: 31%
0.00117
Низкий
7.2 High
CVSS3
3.8 Low
CVSS3
Дефекты
CWE-434