7.2

CVE-2020-36079

Exploit

EPSS 24.42%
Veröffentlicht 26.02.2021 23:15:11
Zuletzt bearbeitet 21.11.2024 05:28:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zenphoto ≫ Zenphoto Version <= 1.5.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	24.42%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/zenphoto/zenphoto/issues/1292

Third Party Advisory

https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36079

EUVD