AI Score
Confidence
Low
EPSS
Percentile
98.6%
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html
github.com/intelliants/subrion/issues/801