CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-35656

HIGH
7.2
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile2.46th
Published2020年12月23日
Last Modified2024年11月21日

Vulnerability Description

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.

Affected Platforms (CPE)

📦
Jaws Project

Jaws

<= 1.8.0

References & Advisories

🔗 https://github.com/jaws-project/jaws
🔗 https://github.com/xNoBody12/Jaws-CMS-RCE
🔗 https://github.com/jaws-project/jaws
🔗 https://github.com/xNoBody12/Jaws-CMS-RCE

相關漏洞威脅

CVE-2016-200169.8

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI....

CVE-2004-20677.5

SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to exe...

CVE-2019-253337.5

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access sys...

CVE-2004-24437.5

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the M...