CVE-2020-11011

EUVD-2020-3401
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
phprojectphproject
𝑥
< 1.7.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Alanaktion/phproject/commit/b49d642e035d835f824bd39babd964ec0e3a285f
https://github.com/Alanaktion/phproject/security/advisories/GHSA-4j97-6w6q-gxjx
https://github.com/Alanaktion/phproject/commit/b49d642e035d835f824bd39babd964ec0e3a285f
https://github.com/Alanaktion/phproject/security/advisories/GHSA-4j97-6w6q-gxjx