An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
References
Link | Resource |
---|---|
https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557 | Exploit Third Party Advisory |
https://sourceforge.net/projects/acontent/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-16T14:31:09
Updated: 2020-03-16T14:31:09
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10557
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-16T15:15:12.583
Modified: 2020-03-18T19:07:51.180
Link: CVE-2020-10557
JSON object: View
Redhat Information
No data.
CWE