PT-2021-10572 · Wellcms · Wellcms
Published: 2021-06-03 · Updated: 2021-06-11 · CVE-2020-21005
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
WellCMS version 2.0 beta3
Description:
A user who logs into the CMS background (back end) can upload a file after modifying the upload file type, potentially leading to webshell access.
Recommendations:
Until a proper fix is available for WellCMS version 2.0 beta3, consider restricting file upload capabilities to prevent exploitation. As a temporary workaround, restrict access to the file upload features in the CMS background (back end) to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Affected Products
Wellcms