exploitDog

GHSA-mrj6-v8w9-4v5f

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

Ссылки

EPSS

Процентиль: 62%

0.00423

Низкий

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2020-26803

CVSS3: 8.8

nvd

около 5 лет назад

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

EPSS

Процентиль: 62%

0.00423

Низкий

CVE ID

Дефекты

CWE-434