CVE-2020-25790
28Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 16%
from disclosure to weapon20 days
Published on NVDSep 19
1st PoC+20d
exploitation probability
16%top 4% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/7Mitu/CVE-2020-25790★ 5cve_referencepacketstormsecurity.com/files/159503/Typesetter-CMS-5.1-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/159615/Typesetter-CMS-5.1-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48906unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.