CVE-2017-20064

HIGH8.8EPSS 0.48%

Code injection in Elefant CMS

發布日:2022/6/21修改日:2023/11/8

描述

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

受影響套件(1)

Packagist/elefant/cmsfrom 0, < 1.3.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-20064
PATCHhttps://github.com/jbroadway/elefant
WEBhttp://seclists.org/fulldisclosure/2017/Feb/39
WEBhttps://vuldb.com/?id.97261