Skip to main content

Sentcms

2 CVEs product

Monthly

CVE-2022-24652 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24651 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy