CVE-2020-10557

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
atutoracontent
𝑥
≤ 1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557
https://sourceforge.net/projects/acontent/
https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557
https://sourceforge.net/projects/acontent/