SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00137Percentile:
0.34444
CVSS Scoring
CVSS v3.1 Score: 7.8
Severity: HIGH
Mapped CWE(s)
CWE-276
: Incorrect Default Permissions
All CAPEC(s)
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
CAPEC-127 : Directory Indexing
CAPEC-81 : Web Server Logs Tampering
CAPEC(s) with Mapped TTPs
CAPEC-1 : Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
T1574.010
: Services File Permissions Weakness
CAPEC-127 : Directory Indexing
Mapped TTPs:
T1083
: File and Directory Discovery
Mapped ATT&CK TTPs
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1083
: File and Directory Discovery
Kill Chain: discovery
Malware
APTs Threat Group Associations
Campaigns
Operation Wocao SolarWinds Compromise Operation CuckooBees Operation Honeybee Operation Dream Job C0015 Night Dragon KV Botnet Activity
Affected Products
cpe:2.3:a:silvercity_project:silvercity:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me