exploitDog

CVE-2020-11544

Опубликовано: 06 апр. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Ссылки

https://frostylabs.net/writeups/cve-2020-11544/
Exploit
Third Party Advisory
https://frostylabs.net/writeups/cve-2020-11544/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:official_car_rental_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00435

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-mpcj-qxxp-3qjm

github

больше 3 лет назад

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

EPSS

Процентиль: 62%

0.00435

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434