ГлавнаяУязвимости → CVE-2020-37117
8.8высокая

CVE-2020-37117

Описание

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.

Затрагиваемое ПО
Jizhicms Jizhicms
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/48361https://www.jizhicms.cn/https://www.vulncheck.com/advisories/jizhicms-arbitrary-file-download