CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12854

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/158434/SecZetta-NEProfile-3.3.11-Remote-Code-Execution.html
https://seczetta.com
http://packetstormsecurity.com/files/158434/SecZetta-NEProfile-3.3.11-Remote-Code-Execution.html
https://seczetta.com

Products affected by CVE-2020-12854

Seczetta » Neprofile » Version: 3.3.11

cpe:2.3:a:seczetta:neprofile:3.3.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12854

Products

Pricing

Contact Us