PT-2020-17029 · Unknown · Artworks Gallery
Published 2020-11-17 · Updated 2020-12-02
CVE-2020-28687
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL version 1.0
Description
The issue allows remote attackers to upload arbitrary files through the edit profile functionality.
Recommendations
For version 1.0, restrict access to the edit profile functionality to prevent arbitrary file uploads until a fix is available.
Exploit
Fix
Unrestricted File Upload
Affected Products
Artworks Gallery