ГлавнаяУязвимости → CVE-2024-58284
7.2высокая

CVE-2024-58284

Описание

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.

Затрагиваемое ПО
Popojicms Popojicms
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/PopojiCMS/PopojiCMShttps://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.ziphttps://www.exploit-db.com/exploits/52022https://www.popojicms.org/https://www.vulncheck.com/advisories/popojicms-remote-command-execution-via-authenticated-metadata-settingshttps://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip