exploitDog

CVE-2020-11817

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.

Ссылки

https://fatihhcelik.blogspot.com/2020/01/rukovoditel-maintenance-mode.html
Exploit
Third Party Advisory
https://fatihhcelik.blogspot.com/2020/01/rukovoditel-maintenance-mode.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rukovoditel:rukovoditel:2.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00873

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-g449-3r9g-f763

github

больше 3 лет назад

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.

EPSS

Процентиль: 75%

0.00873

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434