ГлавнаяУязвимости → CVE-2021-47888
8.8высокая

CVE-2021-47888

Описание

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://textpattern.com/https://textpattern.com/starthttps://www.exploit-db.com/exploits/49620https://www.vulncheck.com/advisories/textpattern-remote-code-executionhttps://www.exploit-db.com/exploits/49620