CVE-2020-10225 — Unrestricted File Upload in JOB Portal

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

9.4%

top 7.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul JOB Portal

Timeline

PublishedMar 8

Latest updateMay 24

Description

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDphpgurukul/job_portal1.0

🔴Vulnerability Details

GHSA

GHSA-2w7c-5v67-5gh6: An unauthenticated file upload vulnerability has been identified in admin/gallery↗2022-05-24

▶

CVEList

CVE-2020-10225: An unauthenticated file upload vulnerability has been identified in admin/gallery↗2020-03-08

▶