Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2020-36079
HistoryFeb 26, 2021 - 11:15 p.m.

Design/Logic Flaw

2021-02-2623:15:00
PRIOn knowledge base
www.prio-n.com
2

7.3 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server’s uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.

CPENameOperatorVersion
zenphotole1.5.7

Related

cvelist 1
nvd 1
packetstorm 1
cve 1
zdt 1
cvelist
cvelist
CVE-2020-36079
2021-02-26 22:49:40
nvd
nvd
CVE-2020-36079
2021-02-26 23:15:11
packetstorm
packetstorm
Zenphoto CMS 1.5.7 Shell Upload
2021-02-26 00:00:00
cve
cve
CVE-2020-36079
2021-02-26 23:15:11
zdt
zdt
Zenphoto CMS 1.5.7 Shell Upload Vulnerability
2021-02-26 00:00:00

7.3 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON
Related for PRION:CVE-2020-36079
cvelist1nvd1packetstorm1cve1zdt1