CVE-2020-10224

EUVD-2020-2682
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
phpgurukulonline_book_store
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tib3rius.com/cves.html
https://www.exploit-db.com/exploits/47887
https://tib3rius.com/cves.html
https://www.exploit-db.com/exploits/47887