8.8
CVE-2020-13887
- EPSS 1.71%
- Veröffentlicht 22.06.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Logindocuments_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kordil Edms Project ≫ Kordil Edms Version < 2.2.60
Kordil Edms Project ≫ Kordil Edms Version2.2.60 Updaterc3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.71% | 0.815 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.