Lucene search

K
osvGoogleOSV:GHSA-73XJ-V6GC-G5P5
HistoryMay 13, 2022 - 1:10 a.m.

Subrion CMS RCE Vulnerability

2022-05-1301:10:00
Google
osv.dev
9

0.845 High

EPSS

Percentile

98.5%

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.