PT-2021-10702 · Unknown · Newsone Cms

M0Ze +1 · Published 2021-08-11 · Updated 2021-08-19 · CVE-2020-21976

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: NewsOne CMS version 1.1.0
Description: The issue allows attackers to upload arbitrary files, potentially leading to webshell uploads and the execution of arbitrary commands. This is due to a vulnerability in the file upload component, specifically the user image input field.
Recommendations: For NewsOne CMS version 1.1.0, consider disabling the file upload feature, particularly the user image component, until a patch is available to prevent potential exploitation. Restrict access to this component to minimize the risk of arbitrary command execution.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-21976

Affected Products

Newsone Cms