CyberSec.Space Logo
Back to CVE Browser

CVE-2020-35656

HIGH
7.2
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile2.46th
PublishedDec 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.

Affected Platforms (CPE)

πŸ“¦
Jaws Project

Jaws

<= 1.8.0

References & Advisories

πŸ”— https://github.com/jaws-project/jaws
πŸ”— https://github.com/xNoBody12/Jaws-CMS-RCE
πŸ”— https://github.com/jaws-project/jaws
πŸ”— https://github.com/xNoBody12/Jaws-CMS-RCE

Related Vulnerabilities

CVE-2016-200169.8

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI....

CVE-2004-20677.5

SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to exe...

CVE-2019-253337.5

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access sys...

CVE-2004-24437.5

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the M...