CVE-2020-20287

Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.yccms.net/	Broken Link URL Repurposed
https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/	Exploit Third Party Advisory
http://www.yccms.net/	Broken Link URL Repurposed
https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yccms:yccms:3.3:*:*:*:*:*:*:*

History

21 Nov 2024, 05:11

Type	Values Removed	Values Added
References	~~() http://www.yccms.net/ - Broken Link, URL Repurposed~~	() http://www.yccms.net/ - Broken Link, URL Repurposed
References	~~() https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/ - Exploit, Third Party Advisory~~	() https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/ - Exploit, Third Party Advisory

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://www.yccms.net/ - Broken Link~~	(MISC) http://www.yccms.net/ - Broken Link, URL Repurposed

Information

Published : 2021-02-01 18:15

Updated : 2024-11-21 05:11

NVD link : CVE-2020-20287

Mitre link : CVE-2020-20287

CVE.ORG link : CVE-2020-20287

JSON object : View

Products Affected

yccms

yccms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-20287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-02-01T18:15:12.857", "references": [{"url": "http://www.yccms.net/", "tags": ["Broken Link", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.yccms.net/", "tags": ["Broken Link", "URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.jiguang.xyz/posts/remote-code-execution-via-upload-image/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos sin restricciones en el proyecto yccms versi\u00f3n 3.3. El juicio inapropiado de la funci\u00f3n xhUp de los par\u00e1metros de petici\u00f3n desencadena una ejecuci\u00f3n de c\u00f3digo remota"}], "lastModified": "2024-11-21T05:11:59.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yccms:yccms:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C12D4B7-49EC-46E1-BE82-1CF727FA230E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}