2 matches found
CVE-2020-25790
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...
CVE-2020-25790
Summary: CVE-2020-25790 affects Typesetter CMS 5.x through 5.1. A ZIP upload feature allows an admin to place a PHP file inside the archive and, after extraction, execute the code, leading to arbitrary code execution. Root cause: uploaded ZIP contents can be executed via the web interface, confli...