Vulnerability Details CVE-2020-12743
An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-12743
- cpe:2.3:a:gazie_project:gazie:7.10
- cpe:2.3:a:gazie_project:gazie:7.11
- cpe:2.3:a:gazie_project:gazie:7.12
- cpe:2.3:a:gazie_project:gazie:7.13
- cpe:2.3:a:gazie_project:gazie:7.14
- cpe:2.3:a:gazie_project:gazie:7.15
- cpe:2.3:a:gazie_project:gazie:7.16
- cpe:2.3:a:gazie_project:gazie:7.17
- cpe:2.3:a:gazie_project:gazie:7.18
- cpe:2.3:a:gazie_project:gazie:7.19
- cpe:2.3:a:gazie_project:gazie:7.20
- cpe:2.3:a:gazie_project:gazie:7.21
- cpe:2.3:a:gazie_project:gazie:7.22
- cpe:2.3:a:gazie_project:gazie:7.23
- cpe:2.3:a:gazie_project:gazie:7.24
- cpe:2.3:a:gazie_project:gazie:7.25
- cpe:2.3:a:gazie_project:gazie:7.26
- cpe:2.3:a:gazie_project:gazie:7.27
- cpe:2.3:a:gazie_project:gazie:7.28
- cpe:2.3:a:gazie_project:gazie:7.29
- cpe:2.3:a:gazie_project:gazie:7.30
- cpe:2.3:a:gazie_project:gazie:7.31
- cpe:2.3:a:gazie_project:gazie:7.32
- cpe:2.3:a:gazie_project:gazie:7.9