CVE-2020-27386
CVE-2020-27386
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
Maturidade do exploit
Exploit funcional
Exploit automatizável disponível (Nuclei/Metasploit).
CVSS —EPSS 72.9%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
28 set 2020Exploit Metasploit disponível
12 nov 2020Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
Produtos afetados
n/a · n/a