Lucene search

MitreCVE-2020-22721

HistoryAug 14, 2020 - 4:15 p.m.

CVE-2020-22721

2020-08-1416:15:17

CWE-434

mitre

web.nvd.nist.gov

cve-2020-22721

file upload

vulnerability

pnotes

andrey gruber

pnotes.net

local attacker

arbitrary code

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program.

Affected configurations

Nvd

Node

pnotes.net_projectpnotes.netMatch3.8.1.2

VendorProductVersionCPE
pnotes.net_projectpnotes.net3.8.1.2cpe:2.3:a:pnotes.net_project:pnotes.net:3.8.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pnotes.net_project	pnotes.net	3.8.1.2	cpe:2.3:a:pnotes.net_project:pnotes.net:3.8.1.2:::::::*

References

syhack.wordpress.com/2020/04/18/pnotes-insecure-file-upload-vulnerability-code-execution/

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-22721