CVE-2020-10806
Published Mar 22, 2020
Last updated 5 years ago
Overview
- Description
- eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-434
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFB83619-2C1B-438F-9606-0E6F1EE5E7AA",
            "versionEndExcluding": "5.4.14.1"
          },
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "374C9F64-6C40-48D9-A8F4-A150B203675C",
            "versionEndExcluding": "6.13.6.2",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B7E98AE-3AC5-4A96-ACE6-027F0087A79E",
            "versionEndExcluding": "7.5.6.2",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-legacy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB9396C8-317A-4167-99A8-D8ED8562A381",
            "versionEndExcluding": "5.4.14.1"
          },
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-legacy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F5B8064-99D2-4391-83D4-8041E8046948",
            "versionEndExcluding": "2017.12.7.2",
            "versionStartIncluding": "2017.0"
          },
          {
            "criteria": "cpe:2.3:a:ez:ez_publish-legacy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6612C69D-6AA0-48F8-BB57-E47A0A0F80F0",
            "versionEndExcluding": "2019.03.4.2",
            "versionStartIncluding": "2019.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]