Vulnerability CVE-2020-25790
Published: 2020-09-19

Description:
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.

See advisories in our WLB2 database:
Topic
Author
Date
High
Typesetter CMS 5.1 Remote Code Execution
Rodolfo Tavares
07.10.2020

Type:

CWE-434

 (Unrestricted Upload of File with Dangerous Type)

 References:
https://github.com/Typesetter/Typesetter/issues/674
Copyright 2025, cxsecurity.com

 

Back to Top