exploitDog

CVE-2020-28687

Опубликовано: 17 нояб. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.

Ссылки

https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download/
Product
Vendor Advisory
https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://code-projects.org/artworks-gallery-in-php-css-javascript-and-mysql-free-download/
Product
Vendor Advisory
https://packetstormsecurity.com/files/160095/Artworks-Gallery-1.0-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artworks_gallery_in_php\,_css\,_javascript\,_and_mysql_project:artworks_gallery_in_php\,_css\,_javascript\,_and_mysql:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10378

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-rv2g-592x-h2qq

github

больше 3 лет назад

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.

EPSS

Процентиль: 93%

0.10378

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434