7.2
CVE-2020-24196
- EPSS 2.74%
- Veröffentlicht 27.08.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:14:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Online Bike Rental Project ≫ Online Bike Rental Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.74% | 0.842 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://packetstormsecurity.com/files/158683/Online-Bike-Rental-1.0-Shell-Upload.html