exploitDog

CVE-2020-24984

Опубликовано: 11 мар. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

Ссылки

https://c41nc.co.uk/cve-2020-24984/
Exploit
Third Party Advisory
https://c41nc.co.uk/cve-2020-24984/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quadbase:espressreports_es:7:update_9:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00339

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-jwc9-vppx-v4hj

github

больше 3 лет назад

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

EPSS

Процентиль: 56%

0.00339

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352