PT-2021-12059 · Portable · Portable Ltd Playable

Published

2021-10-22

Updated

2021-10-28

CVE-2020-36485

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Portable Ltd Playable version 9.18

Description: The issue allows attackers to execute arbitrary code via a crafted JPEG file, exploiting an arbitrary file upload vulnerability in the filename parameter of the upload module.

Recommendations: For Portable Ltd Playable version 9.18, consider restricting access to the upload module to minimize the risk of exploitation. Avoid using the filename parameter in the affected upload module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-36485

Affected Products

Portable Ltd Playable

PT-2021-12059 · Portable · Portable Ltd Playable

CVE-2020-36485

Weakness Enumeration

Related Identifiers

Affected Products

References · 4