Sourcefabric: >> Newscoop >> 4.4.7 Security Vulnerabilities
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-05-19