#ExploitObserverAlert
CVE-2023-6546
DESCRIPTION: Exploit Observer has 199 entries in 9 file formats related to CVE-2023-6546. A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.0
ARPS-PRIORITY: 0.9632912
#ExploitObserverAlert
CVE-2023-50387
DESCRIPTION: Exploit Observer has 86 entries in 13 file formats related to CVE-2023-50387. Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
FIRST-EPSS: 0.036600000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7316946
#ExploitObserverAlert
CVE-2019-7139
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to CVE-2019-7139. An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
FIRST-EPSS: 0.099120000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7756642
#ExploitObserverAlert
CVE-2015-4455
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to CVE-2015-4455. Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
FIRST-EPSS: 0.558560000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.8574324
#ExploitObserverAlert
CVE-2024-4348
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2024-4348. A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000650000
ARPS-PRIORITY: 0.8702569
#ExploitObserverAlert
CVE-2023-42116
DESCRIPTION: Exploit Observer has 26 entries in 7 file formats related to CVE-2023-42116. Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17515.
FIRST-EPSS: 0.000650000
ARPS-PRIORITY: 0.7508364
#ExploitObserverAlert
CVE-2023-38096
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2023-38096. NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19718.
FIRST-EPSS: 0.000470000
ARPS-PRIORITY: 0.9581497
#ExploitObserverAlert
CVE-2024-20993
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2024-20993. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.2
ARPS-PRIORITY: 0.7533784
#ExploitObserverAlert
CVE-2023-40498
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-40498. LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19925.
FIRST-EPSS: 0.001280000
ARPS-PRIORITY: 0.971984
#ExploitObserverAlert
CVE-2023-42115
DESCRIPTION: Exploit Observer has 21 entries in 6 file formats related to CVE-2023-42115. Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434.
FIRST-EPSS: 0.000750000
ARPS-PRIORITY: 0.7659037
#ExploitObserverAlert
CVE-2023-38098
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2023-38098. NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.
FIRST-EPSS: 0.000460000
ARPS-PRIORITY: 0.9581497
#ExploitObserverAlert
CVE-2024-27956
DESCRIPTION: Exploit Observer has 21 entries in 7 file formats related to CVE-2024-27956. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
FIRST-EPSS: 0.000500000
ARPS-PRIORITY: 0.95083
#ExploitObserverAlert
CVE-2024-20767
DESCRIPTION: Exploit Observer has 51 entries in 10 file formats related to CVE-2024-20767. ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.107660000
NVD-IS: 4.2
NVD-ES: 3.9
ARPS-PRIORITY: 0.9519815
#ExploitObserverAlert
CVE-2024-2879
DESCRIPTION: Exploit Observer has 31 entries in 7 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.004920000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.9594176
#ExploitObserverAlert
CVE-2023-42114
DESCRIPTION: Exploit Observer has 17 entries in 6 file formats related to CVE-2023-42114. Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-17433.
FIRST-EPSS: 0.000650000
ARPS-PRIORITY: 0.761675
#ExploitObserverAlert
CVE-2024-29269
DESCRIPTION: Exploit Observer has 20 entries in 9 file formats related to CVE-2024-29269. An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
FIRST-EPSS: 0.000540000
ARPS-PRIORITY: 0.9565126
#ExploitObserverAlert
CVE-2024-3156
DESCRIPTION: Exploit Observer has 18 entries in 6 file formats related to CVE-2024-3156. Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000590000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7711292
#ExploitObserverAlert
CVE-2024-3914
DESCRIPTION: Exploit Observer has 26 entries in 4 file formats related to CVE-2024-3914. Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000460000
ARPS-PRIORITY: 0.7716788
#ExploitObserverAlert
CVE-2024-2340
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2024-2340. The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
FIRST-EPSS: 0.000530000
ARPS-PRIORITY: 0.9587458
#ExploitObserverAlert
CVE-2024-3158
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to CVE-2024-3158. Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000590000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.7652126
#ExploitObserverAlert
CVE-2024-4040
DESCRIPTION: Exploit Observer has 67 entries in 13 file formats related to CVE-2024-4040. A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
FIRST-EPSS: 0.959300000
NVD-IS: 6.0
NVD-ES: 3.9
ARPS-PRIORITY: 0.9589201