In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.
Max CVSS: 8.8 | EPSS Score: 0.46% | Published: 2023-02-09 | Updated: 2023-03-03
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via the Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload such a file. It is possible to bypass the MIME type check and the file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access to the uploaded files is allowed. Uploading PHP is only possible if one has member access, or if registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must (at least) be able to compose and send messages.
Max CVSS: 8.8 | EPSS Score: 0.48% | Published: 2020-06-24 | Updated: 2020-07-02
ExpressionEngine versions 2.x before 2.11.8 and 3.x before 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
Max CVSS: 7.5 | EPSS Score: 2.40% | Published: 2017-06-22 | Updated: 2019-10-09
3 vulnerabilities found