Vulnerability Details CVE-2019-13956
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.156
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-13956
-
cpe:2.3:a:codersclub:discuz!ml:3.2
-
cpe:2.3:a:codersclub:discuz!ml:3.3
-
cpe:2.3:a:codersclub:discuz!ml:3.4