Vulnerability Details CVE-2020-35657
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2020-35657
-
cpe:2.3:a:jaws_project:jaws:1.8.0