CVE-2020-25042

CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...