File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
Published 2023-05-08 14:15:10
Updated 2023-05-12 15:38:26
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2020-22755

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-22755

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
8.8
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.8
5.9
NIST

CWE ids for CVE-2020-22755

References for CVE-2020-22755

  • https://github.com/ming-soft/MCMS
    GitHub - ming-soft/MCMS: 完整开源!Java快速开发平台!基于Spring、SpringMVC、Mybatis架构,MStore提供更多好用的插件与模板(文章、商城、微信、论坛、会员、评论、支付、积分、工作流、任务调度等,同时提供上百套免费模板任意选择),价值源自分享!铭飞系统不仅一套简单好用的开源系统、更是一整套优质的开源生态内容体系。铭飞的使命就是降低开发成本提高开发效
    Product
  • https://github.com/ming-soft/MCMS/issues/42
    安全问题-文章管理任意文件跨目录上传 · Issue #42 · ming-soft/MCMS · GitHub
    Exploit;Issue Tracking

Products affected by CVE-2020-22755

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!