← Zuruck zu CVEs
CVE-2020-10806
CRITICAL9.8
Beschreibung
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/22/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ez:ez_publish-kernelez:ez_publish-legacy
Schwachen (CWE)
CWE-434
Referenzen
https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads(cve@mitre.org)
https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.