Lucene search

MitreCVE-2020-18912

HistoryAug 29, 2023 - 11:15 p.m.

CVE-2020-18912

2023-08-2923:15:07

CWE-434

mitre

web.nvd.nist.gov

cve-2020-18912

earcms ear app

remote code execution

security vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.

Affected configurations

Nvd

Node

earcmsearMatch2018-11-24

VendorProductVersionCPE
earcmsear2018-11-24cpe:2.3:a:earcms:ear:2018-11-24:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
earcms	ear	2018-11-24	cpe:2.3:a:earcms:ear:2018-11-24:::::::*

References

www.cnblogs.com/hantom/p/10621198.html

www.cnblogs.com/yiwd/archive/2013/03/03/2941269.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

Related for CVE-2020-18912