CVE-2020-8866

Опубликовано: 23 мар. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4

CVSS3: 6.5

Описание

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 87%

0.03533

Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-8866

CVSS3: 6.5

nvd

почти 6 лет назад

CVE-2020-8866

CVSS3: 6.5

debian

почти 6 лет назад

This vulnerability allows remote attackers to create arbitrary files o ...

GHSA-xrh9-pr8p-fpqj

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 87%

0.03533

Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2020-8866

Описание

Пакет php-horde-form

Ссылки на источники

Связанные уязвимости