PT-2020-12864 · Rukovoditel · Rukovoditel
Published
2020-04-16
·
Updated
2020-04-23
·
CVE-2020-11815
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rukovoditel version 2.5.2
Description
The issue allows attackers to upload arbitrary files to the server by modifying the
content-type value, potentially leading to command execution on the server. This attack is only possible when the Maintenance Mode setting is not enabled.Recommendations
For Rukovoditel version 2.5.2, consider enabling the Maintenance Mode setting to prevent exploitation until a fix is available. As a temporary workaround, restrict file upload capabilities to minimize the risk of arbitrary file uploads.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rukovoditel