exploitDog

CVE-2020-23138

Опубликовано: 09 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

Ссылки

https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3
Third Party Advisory
https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170
Third Party Advisory
https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3
Third Party Advisory
https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microweber:microweber:1.1.18:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-gf2r-mc8c-m8r8

github

больше 3 лет назад

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

EPSS

Процентиль: 62%

0.00433

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434