-
Notifications
You must be signed in to change notification settings - Fork 962
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
command injection vulnerability #9047
Comments
Hi, can you please send it to my email developer@youphptube.com also if you have a CVE link, please send it to, me so I can give you the credits for the fix |
check email |
can you request a CVE identification number from GitHub? |
Thank you for your email and for highlighting the vulnerabilities. Upon review, it appears that these vulnerabilities can only be exploited if an attacker has already obtained administrative access to the server. Here's a brief overview:
Given that these scenarios involve an attacker who already has high-level access, further exploitation would be redundant, as the server is compromised in more significant ways at that point. Unless I'm mistaken, I believe no immediate action or fix is necessary for these particular vulnerabilities under the described conditions. |
Heya,
I found 2 high critical security issues:
command injection vulnerabilities
plugin/cache
/plugin/CloneSite
Where I can report them? And who will request cve?
The text was updated successfully, but these errors were encountered: