Vulnerability Details : CVE-2020-23972
Potential exploit
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files, because the unrestricted file upload restrictions can be bypassed by changing the content-type and changing the file name to use double extensions.
Products affected by CVE-2020-23972
- cpe:2.3:a:gmapfp:gmapfp:j3.5:*:*:*:-:joomla\!:*:*
- cpe:2.3:a:gmapfp:gmapfp:j3.5:*:*:*:free:joomla\!:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-23972
72.33%
Probability of exploitation activity in the next 30 days
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-23972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2020-23972
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-23972
- http://packetstormsecurity.com/files/159072/Joomla-GMapFP-J3.5-J3.5F-Arbitrary-File-Upload.html
  Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload ≈ Packet Storm (Third Party Advisory)
- https://raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md
  (Exploit; Third Party Advisory)