CVE-2021-3164 - CERT CVE
ID CVE-2021-3164
Sažetak ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
Reference
CVSS
Base: 6.5
Impact: 6.4
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 02-02-2021 - 15:29
Objavljeno 26-01-2021 - 18:16