PT-2015-7010 · Cybozu · Cybozu Garoon
Publicado
2015-10-12
·
Atualizado
2015-10-13
·
CVE-2015-5647
CVSS v2.0
8.5
Alta
| Vetor | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cybozu Garoon versions 3.x through 3.7.5
Cybozu Garoon versions 4.x through 4.0.3
Description
The issue in the RSS Reader component allows remote authenticated users to execute arbitrary PHP code.
Recommendations
For Cybozu Garoon versions 3.x through 3.7.5, update to a version later than 3.7.5 to resolve the issue.
For Cybozu Garoon versions 4.x through 4.0.3, update to a version later than 4.0.3 to resolve the issue.
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cybozu Garoon