ГлавнаяУязвимости → CVE-2020-37123
9.8критическая

CVE-2020-37123

Описание

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/wcchandler/pingerhttps://www.exploit-db.com/exploits/48323https://www.vulncheck.com/advisories/pinger-remote-code-execution