CVE-2018-19422

High

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess…

mitre·CWE-434·Published 2018-11-21

CVSS

7.2

EPSS

0.65

KEV

Exploits

cve.orgen

155 chars

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

NVDen

155 chars

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

OSV.deven

157 chars

`/panel/uploads` in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

GHSAen

157 chars

`/panel/uploads` in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

NVDes

169 chars

/panel/uploads en Subrion CMS 4.2.1 permite que los atacantes remotos ejecuten código PHP remoto mediante un archivo .pht o .phar, ya que el archivo .htaccess los omite.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H