7.5 High
AI Score
Confidence
High
0.845 High
EPSS
Percentile
98.5%
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html
github.com/intelliants/subrion/issues/801