zdt / Josh Sheppard / 1337DAY-ID-34687
Jul 15, 2020 - 12:00 a.m.

SecZetta NEProfile 3.3.11 Remote Code Execution Vulnerability

2020-07-15 00:00:00
Josh Sheppard
0day.today

EPSS: 0.022
Percentile: 89.7%

Exploit Title: NEProfile - Remote Code Execution
Date: 5/13/2020
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Version: 3.3.11
Tested on: 3.3.11
Exploit Author: Josh Sheppard
Exploit Contact: ghost () a t undervurse dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12854

1. Description

A remote code execution vulnerability was identified in SecZetta's NEProfile product. An authenticated remote adversary can achieve code execution by uploading a carefully crafted JPG as the profile avatar.

The issue affects version 3.3.11 and has not been tested on other versions of the product.

2. Disclosure Timeline

5/4/20 - Discovery and Exploitation
5/12/20 - Vendor Notified
6/18/20 - Patch / Hotfix Created

3. Mitigation

Apply the hotfix provided by the vendor.
