← volver
CVE-2020-27386

CVE-2020-27386

EPSS 72.9%
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 72.9%KEV nãoPoC Nuclei Metasploit simPatch
Ciclo de vida
28 sep 2020Exploit Metasploit disponible
12 nov 2020Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
Productos afectados
n/a · n/a