CVE-2020-24202

Опубликовано: 27 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.

Ссылки

https://github.com/hyd3sec/HouseRental_Unauth_RCE/blob/master/HouseRentalRCE.py
Exploit
Third Party Advisory
https://projectworlds.in/free-projects/php-projects/house-rental-and-property-listing-project-php-mysql/
Exploit
Third Party Advisory
https://github.com/hyd3sec/HouseRental_Unauth_RCE/blob/master/HouseRentalRCE.py
Exploit
Third Party Advisory
https://projectworlds.in/free-projects/php-projects/house-rental-and-property-listing-project-php-mysql/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:house_rental_and_property_listing_project:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.0307

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-hfwm-xppg-vhrg