CVE-2020-12849

Опубликовано: 05 июн. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.

Ссылки

http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
Exploit
Third Party Advisory
https://www.coresecurity.com/advisories
Third Party Advisory
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
Third Party Advisory
http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
Exploit
Third Party Advisory
https://www.coresecurity.com/advisories
Third Party Advisory
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pydio:cells:2.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.0063

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gj54-8vv3-p723

github

больше 3 лет назад