Lucene search

CVE-2020-28130

🗓️ 17 Nov 2020 21:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

An Arbitrary File Upload in SourceCodester Online Library Management System 1.0 allows remote code execution

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
RedhatCVE	CVE-2020-28130	22 May 202515:26	–	redhatcve
Cvelist	CVE-2020-28130	17 Nov 202020:17	–	cvelist
Prion	Design/Logic Flaw	17 Nov 202021:15	–	prion
Check Point Advisories	SourceCodester Online Library Management System Command Injection (CVE-2020-28130)	1 Dec 202000:00	–	checkpoint_advisories
NVD	CVE-2020-28130	17 Nov 202021:15	–	nvd

Nvd

Node

online_library_management_system_project online_library_management_systemMatch1.0

Source	Link
sourcecodester	www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html
exploit-db	www.exploit-db.com/exploits/48928

Parameter	Position	Path	Description	CWE
view	query param	/admin/borrower/index.php	Endpoint exploited to trigger remote code execution after an arbitrary file is uploaded.	CWE-434

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Nov 2020 21:15Current

9.7High risk

Vulners AI Score9.7

CVSS210

CVSS39.8

EPSS0.08464

CWE-434