CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-5505

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.314

EPSS Ranking 96.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html
http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html

Products affected by CVE-2020-5505

Vaaip » Freelancy » Version: 1.0.0

cpe:2.3:a:vaaip:freelancy:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5505

Products

Pricing

Contact Us