CVE-2020-23971

Name of the Vulnerable Software and Affected Versions Joomla Component GMapFP version J3.30pro

Description The issue is related to insecure permissions in the GMapFP Joomla component. An attacker can access the upload function without authentication and upload files due to unrestricted file uploads. This can be exploited by changing the content-type and using double extensions in file names. The vulnerability is associated with default permission settings, which can allow a remote attacker to elevate their privileges.

Recommendations For version J3.30pro, consider restricting access to the upload function until a fix is available. As a temporary workaround, restrict the use of the file upload feature to minimize the risk of exploitation. Avoid using the upload functionality with untrusted users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.