1 results (0.005 seconds)
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28062
https://notcve.org/view.php?id=CVE-2020-28062
04 Apr 2022 — An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Control de Acceso en HisiPHP versión 2.0.11, por medio de paquetes especiales que son construidos en $files = Dir::getList($decompath. "/ Upload/Plugins /, lo que podría permitir a un usuario remoto malicioso ejecutar código arbitrario • https://github.com/hisiphp/hisiphp/issues/10 • CWE-434: Unrestricted Upload of File with Dangerous Type •