Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
References
Link | Resource |
---|---|
https://drive.google.com/open?id=1znDU4fDKA_seg16mJLLtgaaFfvmf-mS6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-06T19:47:39
Updated: 2021-07-06T19:47:39
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22249
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-06T20:15:07.953
Modified: 2021-07-08T19:22:18.980
Link: CVE-2020-22249
JSON object: View
Redhat Information
No data.
CWE