CVE-2020-25287

Published September 13th, 2020

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.

jenaye/pligg

Remote command execution (Authenticated RCE)

GitHub