9.8
CVE-2020-28140
- EPSS 0.58%
- Veröffentlicht 17.11.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:22:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Online Clothing Store Project ≫ Online Clothing Store Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.662 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.