PT-2020-13299 · Seczetta · Seczetta Neprofile

Published

2020-07-15

Updated

2020-07-22

CVE-2020-12854

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SecZetta NEProfile version 3.3.11

Description A remote code execution issue was identified. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.

Recommendations For SecZetta NEProfile version 3.3.11, consider restricting the upload of JPEG files as part of the profile avatar until a patch is available. As a temporary workaround, restrict access to the profile avatar upload feature to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-12854

Affected Products

Seczetta Neprofile

PT-2020-13299 · Seczetta · Seczetta Neprofile

CVE-2020-12854

Weakness Enumeration

Related Identifiers

Affected Products

References · 5