9.8
CVE-2020-10806
- EPSS 2.83%
- Veröffentlicht 22.03.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:06
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LogineZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ez ≫ Ez Publish-kernel Version < 5.4.14.1
Ez ≫ Ez Publish-kernel Version >= 6.0.0 < 6.13.6.2
Ez ≫ Ez Publish-kernel Version >= 7.0.0 < 7.5.6.2
Ez ≫ Ez Publish-legacy Version < 5.4.14.1
Ez ≫ Ez Publish-legacy Version >= 2017.0 < 2017.12.7.2
Ez ≫ Ez Publish-legacy Version >= 2019.0 < 2019.03.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.83% | 0.857 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.