Vulnerability CVE-2020-25790


Published: 2020-09-19

Description:
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.

In our database, we found the following notes for this CVE:

Title: Typesetter CMS 5.1 Remote Code Execution (High)
Author: Rodolfo Tavares
Date: 07.10.2020

Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)

References:
https://github.com/Typesetter/Typesetter/issues/674

Copyright 2024, cxsecurity.com
