CVE-2020-11807

2020-05-1916:15:11

CWE-434

web.nvd.nist.gov

cve-2020-11807

unrestricted upload

file upload

dangerous type

sourcefabric newscoop

arbitrary code execution

security vulnerability

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

CPENameOperatorVersion
sourcefabric:newscoopsourcefabric newscoopeq4.4.7

CPE	Name	Operator	Version
sourcefabric:newscoop	sourcefabric newscoop	eq	4.4.7

References

gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee

github.com/sourcefabric/Newscoop/blob/3df835637609a5a42530b2a4611177c634ad6274/newscoop/library/Newscoop/Image/ImageService.php#L226