Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2020-35949
HistoryJan 01, 2021 - 3:27 a.m.

CVE-2020-35949

2021-01-0103:27:33
mitre
www.cve.org
3
wordpress
remote code execution
file upload

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Related

prion 1
nvd 1
cve 1
wpexploit 1
wpvulndb 1
openvas 1
prion
prion
Design/Logic Flaw
2021-01-01 04:15:00
nvd
nvd
CVE-2020-35949
2021-01-01 04:15:13
cve
cve
CVE-2020-35949
2021-01-01 04:15:13
wpexploit
wpexploit
Quiz and Survey Master < 7.0.1 - Arbitrary File Upload
2020-08-13 00:00:00
wpvulndb
wpvulndb
Quiz and Survey Master < 7.0.1 - Arbitrary File Upload
2020-08-13 00:00:00
openvas
openvas
WordPress Quiz And Survey Master Plugin < 7.0.1 Multiple Vulnerabilities
2020-08-20 00:00:00

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON
Related for CVELIST:CVE-2020-35949
prion1nvd1cve1wpexploit1wpvulndb1openvas1