CVE-2020-8181 β€” Unrestricted File Upload in Contacts

CWE-840CWE-434 β€” Unrestricted File Upload3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Contacts
Timeline
PublishedJul 10
Latest updateMay 24

Description

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

β–ΆNVDnextcloud/contacts< 3.3.0

πŸ”΄Vulnerability Details

2
GHSA
GHSA-wgmx-fv9q-wpfx: A missing file type check in Nextcloud Contacts 3β†—2022-05-24
β–Ά
CVEList
CVE-2020-8181: A missing file type check in Nextcloud Contacts 3β†—2020-07-10
β–Ά
CVE-2020-8181 β€” Unrestricted File Upload in Contacts | cvebase