Formosasoft: Security Vulnerabilities
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-15
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.
CVSS Score
8.8
EPSS Score
0.013
Published
2024-10-15