CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
51.0%
GBrowse accepts files with any formats uploaded and places them in the area
accessible through unauthenticated web requests. Therefore, anyone who can
upload files through the product may execute arbitrary code on the server.
Author | Note |
---|---|
Priority reason: This has a high priority because it is a vulnerability that allows a remote attacker to execute code in a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application. | |
ccdm94 | this has likely been fixed in all 2.x versions. |