exploitDog

CVE-2020-26806

Опубликовано: 31 июл. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

Ссылки

https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://www.objectplanet.com/opinio/changelog.html
Release Notes
Vendor Advisory
https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://www.objectplanet.com/opinio/changelog.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:objectplanet:opinio:*:*:*:*:*:*:*:*

Версия до 7.15 (исключая)

EPSS

Процентиль: 89%

0.05031

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cq3j-jr55-f9fq

CVSS3: 8.8

github

больше 3 лет назад

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

EPSS

Процентиль: 89%

0.05031

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22