CVE-2020-35657

2020-12-2302:03:03

mitre

www.cve.org

7.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.

References

github.com/jaws-project/jaws

github.com/xNoBody12/jaws-rce-via-theme