exploitDog

CVE-2020-36485

Опубликовано: 22 окт. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

Ссылки

https://www.vulnerability-lab.com/get_content.php?id=2198
Exploit
Third Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2198
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:madeportable:playable:9.18:*:*:*:*:iphone_os:*:*

EPSS

Процентиль: 34%

0.00137

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-rj2v-q836-jg56

github

больше 3 лет назад

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

EPSS

Процентиль: 34%

0.00137

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-434