CVE-2020-26629 : A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hosp

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

Published 2024-01-10 09:15:44

Updated 2024-01-16 15:19:56

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-26629

Phpgurukul » Hospital Management System » Version: 4.0
cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-26629

EPSS FAQ

1.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-26629

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-01-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-26629

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-26629

https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.html

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-26629

Products affected by CVE-2020-26629

Exploit prediction scoring system (EPSS) score for CVE-2020-26629

CVSS scores for CVE-2020-26629

CWE ids for CVE-2020-26629

References for CVE-2020-26629