Опубликовано: 17 нояб. 2018
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6.5
CVSS3: 7.2
Описание
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | released | 3.0.12-1ubuntu0.1~esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
10
EPSS
Процентиль: 94%
0.14464
Средний
6.5 Medium
CVSS2
7.2 High
CVSS3
Связанные уязвимости
CVSS3: 7.2
nvd
около 7 лет назад
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
CVSS3: 7.2
debian
около 7 лет назад
Passing an absolute path to a file_exists check in phpBB before 3.2.4 ...
EPSS
Процентиль: 94%
0.14464
Средний
6.5 Medium
CVSS2
7.2 High
CVSS3