CVE-2020-22249
CRITICAL 9.8
Description
Remote code execution vulnerability in phplist 3.5.1. The application does not check the extensions of the files stored in the plugin zip file. When a malicious plugin containing PHP files with extensions like PHP, phtml, or php7 is uploaded, those files are copied to the plugins directory, which would lead to remote code execution.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 7/6/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
phplist:phplist
Weaknesses (CWE)
CWE-434
References
https://drive.google.com/open?id=1znDU4fDKA_seg16mJLLtgaaFfvmf-mS6 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.