CVE-2020-21359

magicblack/maccms10

on github

Published

August 11, 2021

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.

References

https://github.com/magicblack/maccms10/issues/80

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:maccms:maccms:10.0:::::::*	n/a	n/a	10.0

External Links

NVD - CVE-2020-21359