PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HTravianz Project Travianz
APPTravianz Project8.3.38.3.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2023-36993CRITICAL9.8ten sam produkt
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password ...
CVE-2023-36994CRITICAL9.8ten sam produkt
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwri...
CVE-2023-36995MEDIUM6.1ten sam produkt
TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Ad...