CVE-2020-13442

2020-05-2514:25:00

mitre

www.cve.org

9.7 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.8%

JSON

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

References

github.com/kbgsft/vuln-dext5upload/wiki/File-Upload-to-RCE-in-DEXT5Upload-2.7.1402870-by-xcuter