CVSS 10.0CVSS 10.0 · CRITICAL
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.
Ver en NVDSeveridad
Puntaje: 10.0(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-78CWE-434EPSS
Probabilidad de explotación (próx. 30 días): 0.0222 (2.2%)
Percentil: 84.8%
EPSS: 2026-06-05
Descripción técnica
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.
Publicada: 24/7/2025, 13:15:27
Última modificación: 5/6/2026, 15:16:40