PT-2023-22010 · Nophp · Nophp

Paijp

Publicado

2023-04-03

Atualizado

2023-04-12

CVE-2023-28854

CVSS v3.1

8.0

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions nophp versions prior to 0.0.1

Description The issue affects the nophp PHP web framework, where versions prior to 0.0.1 are vulnerable to shell command injection on the httpd user. A patch was made available to address this issue.

Recommendations For versions prior to 0.0.1, update index.php to 2023-03-30 or later. As a temporary workaround for versions prior to 0.0.1, consider adding a function such as env patchsample230330.php to env.php.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2023-28854

GHSA-9858-Q3C2-9WWM

Produtos afetados

Nophp

PT-2023-22010 · Nophp · Nophp

CVE-2023-28854

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7