CVE-2020-27386 – An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated r …

12 November 2020

Vuln ID: CVE-2020-27386

Published: 2020-11-12 19:15:15Z

Description: An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager’s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.

Source: NVD.NIST.GOV

Date:

12 November 2020

Categorie(s):

NVD

Tag(s):

NVD

Protobom: Open-source software supply chain tool19 April 2024
The key pillars of domain security19 April 2024
Fraudsters abused Apple Stores’ third-party pickup policy to phish for profits19 April 2024
51% of enterprises experienced a breach despite large security stacks19 April 2024
Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums19 April 2024