CVE-2021-42645

Sažetak

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

Reference

https://github.com/cmsimple-xh/cmsimple-xh/releases/tag/1.7.5
https://github.com/Net-hunter121/CMSimple_XH-Unauth-RCE

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-05-2022 - 17:04

Objavljeno

10-05-2022 - 12:15