← back
CVE-2020-23972

CVE-2020-23972

EPSS 31.4%◆ VulnCheck KEV
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 31.4%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
27 Aug 2020Published on NVD
01 Dec 2020Public PoC
Weaponization speed
95 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.