CVE-2021-27817
CRITICAL9.8EPSS 1.3%ShopXO RCE Vulnerability
發布日:2022/5/24修改日:2024/2/16
描述
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
受影響套件(1)
- Packagist/shopxo/shopxofrom 0, <= 1.9.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |