← voltar
CVE-2024-39165

CVE-2024-39165

CVSS 9.8 CRITICALEPSS 0.8%CWE-94
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://synacktiv.com/en/advisories/jpgraph-professional-version-pre-authenticated-remote-code-executionhttps://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution