DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-36079", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-36079", "description": "** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has \"lots of other possibilities to harm a site.\"", "published": "2021-02-26T23:15:00", "modified": "2021-03-04T19:56:00", "epss": [{"cve": "CVE-2020-36079", "epss": 0.03117, "percentile": 0.89651, "modified": "2023-06-06"}], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36079", "reporter": "cve@mitre.org", "references": ["http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html", "https://github.com/zenphoto/zenphoto/issues/1292", "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/"], "cvelist": ["CVE-2020-36079"], "immutableFields": [], "lastseen": "2023-06-06T14:50:10", "viewCount": 45, "enchantments": {"dependencies": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:161569"]}, {"type": "zdt", "idList": ["1337DAY-ID-35873"]}], "rev": 4}, "score": {"value": 2.4, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-03-04T16:28:58", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1367031665097342980", "text": " NEW: CVE-2020-36079 ** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFin... (click for more) https://t.co/QWYr8oPxPf?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1367031665097342980", "text": " NEW: CVE-2020-36079 ** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFin... (click for more) https://t.co/QWYr8oPxPf?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1367600982369124357", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-36079 (zenphoto)) has been published on https://t.co/XgBzL0rcDi?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1367600912336887809", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-36079 (zenphoto)) has been published on https://t.co/j6SGqTMG2t?amp=1"}]}, "backreferences": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:161569"]}, {"type": "zdt", "idList": ["1337DAY-ID-35873"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "zenphoto", "version": 1}]}, "epss": [{"cve": "CVE-2020-36079", "epss": 0.03117, "percentile": 0.89615, "modified": "2023-05-07"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1686073041, "score": 1686063571, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "1cb11ab4fc29392711414e7b82e061bc"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:zenphoto:zenphoto:1.5.7"], "cpe23": ["cpe:2.3:a:zenphoto:zenphoto:1.5.7:*:*:*:*:*:*:*"], "cwe": ["CWE-434"], "affectedSoftware": [{"cpeName": "zenphoto:zenphoto", "version": "1.5.7", "operator": "le", "name": "zenphoto"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:zenphoto:zenphoto:1.5.7:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.7", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html", "name": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/zenphoto/zenphoto/issues/1292", "name": "https://github.com/zenphoto/zenphoto/issues/1292", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/", "name": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Zenphoto", "product": "Zenphoto"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"packetstorm": [{"lastseen": "2021-02-26T16:39:32", "description": "", "cvss3": {}, "published": "2021-02-26T00:00:00", "type": "packetstorm", "title": "Zenphoto CMS 1.5.7 Shell Upload", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-36079"], "modified": "2021-02-26T00:00:00", "id": "PACKETSTORM:161569", "href": "https://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html", "sourceData": "` Authenticated arbitrary file upload to RCE \n \nProduct : Zenphoto \nAffected : Zenphoto CMS - <= 1.5.7 \nAttack Type : Remote \n \nlogin then go to plugins then go to uploader and press on the check box elFinder \nthen press apply , after that you go to upload then Files(elFinder) drag and drop \nany malicious php code after that go to /uploaded/ and you're php code \n \n-------------------------------------------------------------------------------------------- \nZenphoto through 1.5.7 is affected by authenticated arbitrary file \nupload, leading to remote code execution. The attacker must navigate to \nthe uploader plugin, check the elFinder box, and then drag and drop \nfiles into the Files(elFinder) portion of the UI. This can, for \nexample, place a .php file in the server's uploaded/ directory. \n \n[Reference] \nhttps://www.linkedin.com/in/abdulaziz-almisfer-22a7861ab/ \nhttps://twitter.com/3almisfer \nhttps://github.com/azizalshammari/ \n \n------------------------------------------ \n[Discoverer] \nAbdulaziz Almisfer \n \nCVE-2020-36079 \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161569/zenphotocms157-exec.txt"}], "zdt": [{"lastseen": "2021-09-09T22:25:44", "description": "", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-26T00:00:00", "type": "zdt", "title": "Zenphoto CMS 1.5.7 Shell Upload Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36079"], "modified": "2021-02-26T00:00:00", "id": "1337DAY-ID-35873", "href": "https://0day.today/exploit/description/35873", "sourceData": "Authenticated arbitrary file upload to RCE\r\n\r\nProduct : Zenphoto \r\nAffected : Zenphoto CMS - <= 1.5.7\r\nAttack Type : Remote\r\n\r\nlogin then go to plugins then go to uploader and press on the check box elFinder\r\nthen press apply , after that you go to upload then Files(elFinder) drag and drop\r\nany malicious php code after that go to /uploaded/ and you're php code\r\n\r\n--------------------------------------------------------------------------------------------\r\nZenphoto through 1.5.7 is affected by authenticated arbitrary file\r\nupload, leading to remote code execution. The attacker must navigate to\r\nthe uploader plugin, check the elFinder box, and then drag and drop\r\nfiles into the Files(elFinder) portion of the UI. This can, for\r\nexample, place a .php file in the server's uploaded/ directory.\r\n\r\n[Reference]\r\nhttps://www.linkedin.com/in/abdulaziz-almisfer-22a7861ab/ \r\nhttps://twitter.com/3almisfer\r\nhttps://github.com/azizalshammari/\r\n\r\n------------------------------------------\r\n[Discoverer]\r\nAbdulaziz Almisfer\r\n\r\nCVE-2020-36079\n\n# 0day.today [2021-09-10] #", "sourceHref": "https://0day.today/exploit/35873", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}