← volver
CVE-2018-1000533

CVE-2018-1000533

EPSS 73.0%
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 73.0%KEV nãoPoC Nuclei simMetasploit simPatch
Ciclo de vida
26 abr 2018Exploit Metasploit disponible
26 jun 2018Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.
Productos afectados
n/a · n/a