PT-2018-5198 · B2Evolution · B2Evolution

Publicado

2018-01-02

Atualizado

2018-01-17

CVE-2017-1000423

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions b2evolution versions 6.6.0 through 6.8.10

Description The issue concerns input validation in the basic install functionality of the software. Specifically, it involves the escape of backslash and single quote characters, which can be exploited by an unauthenticated attacker to gain PHP code execution on the victim's setup.

Recommendations For versions 6.6.0 through 6.8.10, update to a version that includes the fix for the input validation issue in the basic install functionality to prevent unauthenticated PHP code execution.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-1000423

Produtos afetados

B2Evolution

PT-2018-5198 · B2Evolution · B2Evolution

CVE-2017-1000423

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5