PT-2021-10565 · Ljcms · Ljcms
Published: 2021-08-12 · Updated: 2021-08-16 · CVE-2020-20979
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
LJCMS version 4.3
Description:
The issue is related to an arbitrary file upload vulnerability in the move_uploaded_file() function, which allows attackers to execute arbitrary code.
Recommendations:
For LJCMS version 4.3, consider disabling the move_uploaded_file() function until a patch is available to prevent arbitrary code execution. Restrict access to file upload functionality to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Ljcms