Vulnerability Details CVE-2020-11011
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 6.5
References
- https://github.com/Alanaktion/phproject/commit/b49d642e035d835f824bd39babd964ec0e3a285f
- https://github.com/Alanaktion/phproject/security/advisories/GHSA-4j97-6w6q-gxjx
- https://github.com/Alanaktion/phproject/commit/b49d642e035d835f824bd39babd964ec0e3a285f
- https://github.com/Alanaktion/phproject/security/advisories/GHSA-4j97-6w6q-gxjx
Products affected by CVE-2020-11011
-
cpe:2.3:a:phproject:phproject:1.0.0
-
cpe:2.3:a:phproject:phproject:1.1.0
-
cpe:2.3:a:phproject:phproject:1.1.1
-
cpe:2.3:a:phproject:phproject:1.1.2
-
cpe:2.3:a:phproject:phproject:1.1.3
-
cpe:2.3:a:phproject:phproject:1.1.4
-
cpe:2.3:a:phproject:phproject:1.1.5
-
cpe:2.3:a:phproject:phproject:1.1.6
-
cpe:2.3:a:phproject:phproject:1.2.0
-
cpe:2.3:a:phproject:phproject:1.2.1
-
cpe:2.3:a:phproject:phproject:1.3.0
-
cpe:2.3:a:phproject:phproject:1.3.1
-
cpe:2.3:a:phproject:phproject:1.4.0
-
cpe:2.3:a:phproject:phproject:1.4.1
-
cpe:2.3:a:phproject:phproject:1.5.0
-
cpe:2.3:a:phproject:phproject:1.5.1
-
cpe:2.3:a:phproject:phproject:1.5.2
-
cpe:2.3:a:phproject:phproject:1.6.0
-
cpe:2.3:a:phproject:phproject:1.6.1
-
cpe:2.3:a:phproject:phproject:1.6.2
-
cpe:2.3:a:phproject:phproject:1.7.0
-
cpe:2.3:a:phproject:phproject:1.7.1
-
cpe:2.3:a:phproject:phproject:1.7.2
-
cpe:2.3:a:phproject:phproject:1.7.3
-
cpe:2.3:a:phproject:phproject:1.7.4
-
cpe:2.3:a:phproject:phproject:1.7.5
-
cpe:2.3:a:phproject:phproject:1.7.6
-
cpe:2.3:a:phproject:phproject:1.7.7