exploitDog

CVE-2020-28072

Опубликовано: 15 дек. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.

Ссылки

http://packetstormsecurity.com/files/160508/Alumni-Management-System-1.0-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160508/Alumni-Management-System-1.0-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alumni_management_system_project:alumni_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02569

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-wjp8-43wv-mq9c

github

больше 3 лет назад

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.

EPSS

Процентиль: 85%

0.02569

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434