CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.wellcms.cn/read-27.html&&
https://github.com/Computer2200/-/issues/4
http://www.wellcms.cn/read-27.html&&
https://github.com/Computer2200/-/issues/4

Products affected by CVE-2020-21005

Wellcms » Wellcms » Version: 2.0

cpe:2.3:a:wellcms:wellcms:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-21005

Products

Pricing

Contact Us