CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-11544

HIGH
7.2
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile8.38th
Published2020年4月6日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Affected Platforms (CPE)

📦
Projectworlds

Official Car Rental System

= 1.0

References & Advisories

🔗 https://frostylabs.net/writeups/cve-2020-11544/
🔗 https://frostylabs.net/writeups/cve-2020-11544/

相關漏洞威脅

CVE-2020-115459.8

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and param...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...