In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.
References
Link | Resource |
---|---|
https://fatihhcelik.blogspot.com/2020/10/sentrifugo-version-32-rce-authenticated_6.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-11-12 19:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-26803
Mitre link : CVE-2020-26803
CVE.ORG link : CVE-2020-26803
JSON object : View
Products Affected
sapplica
- sentrifugo
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type