CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25042

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.696

EPSS Ranking 98.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/159304/MaraCMS-7.5-Remote-Code-Execution.html
https://sourceforge.net/projects/maracms/
https://www.exploit-db.com/exploits/48780
http://packetstormsecurity.com/files/159304/MaraCMS-7.5-Remote-Code-Execution.html
https://sourceforge.net/projects/maracms/
https://www.exploit-db.com/exploits/48780

Products affected by CVE-2020-25042

Maracms » Maracms » Version: 7.5

cpe:2.3:a:maracms:maracms:7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25042

Products

Pricing

Contact Us