exploitDog

CVE-2020-11815

Опубликовано: 16 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.

Ссылки

https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce.html
Exploit
Third Party Advisory
https://fatihhcelik.blogspot.com/2020/01/rukovoditel-rce.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rukovoditel:rukovoditel:2.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00878

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-5972-jjp3-vqm8

github

больше 3 лет назад

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.

EPSS

Процентиль: 75%

0.00878

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434