PT-2020-17377 · Jaws · Jaws

Bassam Assiri · Published 2020-12-23 · Updated 2020-12-23 · CVE-2020-35657

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jaws versions 1.8.0 and earlier

Description: The issue allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. This is unrelated to the JAWS (aka Job Access With Speech) product.

Recommendations: For versions 1.8.0 and earlier, consider disabling the UploadTheme feature until a patch is available, so that malicious theme ZIP archives cannot be uploaded. Restrict access to the theme upload functionality to minimize the risk of exploitation, and avoid uploading ZIP archives containing executable files through UploadTheme until the issue is resolved.
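The recommendations above are to disable or restrict UploadTheme. Where the feature has to stay enabled, the defensive check a practitioner would want is to inspect every entry of a theme archive before anything is extracted and reject archives that carry server-executable files, server configuration files, symlinks or path-traversal entry names. The Python example below is added here and is not Jaws project code; the extension list, the size limits and the two constructed sample archives are assumptions chosen for illustration.

```python
"""Pre-extraction validation of a theme ZIP archive.

Added defensive example (not Jaws project code). Every entry is inspected
before the archive is unpacked under the web root; the archive is rejected
if it contains files a PHP web server would execute, files that change how
the server treats a directory, symlink entries, or entry names that would
escape the target directory. Extension list and limits are assumptions.
"""
import io
import posixpath
import zipfile

# Extensions a typical PHP web server executes if they land under the
# document root (assumed list; tune to the actual server configuration).
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
# Files that can change server behaviour for the directory (assumed list).
SERVER_CONFIG_FILES = {".htaccess", "web.config"}
MAX_ENTRIES = 2000                 # assumed limit against decompression bombs
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed uncompressed size limit


def _has_executable_extension(name: str) -> bool:
    base = posixpath.basename(name).lower()
    # Check every dotted segment, so "img.php.jpg" is rejected too:
    # some server handler configurations execute on any segment.
    return any(seg in EXECUTABLE_EXTENSIONS for seg in base.split(".")[1:])


def _is_unsafe_path(name: str) -> bool:
    # Absolute paths, drive letters and ".." components would let an entry
    # be written outside the theme directory on extraction (zip slip).
    if name.startswith(("/", "\\")) or ":" in name.split("/")[0]:
        return True
    parts = name.replace("\\", "/").split("/")
    return any(p == ".." for p in parts)


def validate_theme_archive(data: bytes) -> list[str]:
    """Return the reasons to reject the archive; an empty list means accepted."""
    problems: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        problems.append(f"too many entries ({len(infos)} > {MAX_ENTRIES})")
    total = sum(i.file_size for i in infos)
    if total > MAX_TOTAL_BYTES:
        problems.append(f"uncompressed size {total} exceeds limit")
    for info in infos:
        name = info.filename
        if _is_unsafe_path(name):
            problems.append(f"unsafe path: {name}")
        if info.is_dir():
            continue
        if posixpath.basename(name).lower() in SERVER_CONFIG_FILES:
            problems.append(f"server config file: {name}")
        if _has_executable_extension(name):
            problems.append(f"executable file: {name}")
        # The high 16 bits of external_attr hold the Unix mode; a symlink
        # entry could point anywhere on the host once extracted.
        if ((info.external_attr >> 16) & 0o170000) == 0o120000:
            problems.append(f"symlink entry: {name}")
    return problems


def _build_zip(entries: dict[str, bytes]) -> bytes:
    """Build a small in-memory ZIP from a name->content map (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives: a clean theme, and one that carries a PHP
# file plus an entry whose name escapes the theme directory.
CLEAN_THEME = _build_zip({
    "mytheme/layout.html": b"<html></html>",
    "mytheme/style.css": b"body{}",
})
BAD_THEME = _build_zip({
    "mytheme/layout.html": b"<html></html>",
    "mytheme/images/x.php": b"placeholder",
    "../escape.txt": b"",
})

if __name__ == "__main__":
    print("clean theme:", validate_theme_archive(CLEAN_THEME))  # []
    print("bad theme:", validate_theme_archive(BAD_THEME))
```

The validator is meant to run on the uploaded bytes before `extractall` is ever called; rejecting on the entry list alone means no file from an untrusted archive touches the filesystem. Any non-empty result should also be logged with the uploading account, since the description above notes the upload path is reachable by authenticated administrators and a rejected archive from such an account is worth an alert.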


Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2020-35657

Affected Products: Jaws