Lucene search

K
osvGoogleOSV:GHSA-73XJ-V6GC-G5P5
HistoryMay 13, 2022 - 1:10 a.m.

Subrion CMS RCE Vulnerability

2022-05-1301:10:00
Google
osv.dev
13
subrion cms
4.2.1
remote code execution
uploads panel
security vulnerability

EPSS

0.855

Percentile

98.6%

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.