Dext5: >> Dext5 >> 2.7.1402870 Security Vulnerabilities
A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)
CVSS Score
8.8
EPSS Score
0.008
Published
2021-09-07
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-07
A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
CVSS Score
9.8
EPSS Score
0.026
Published
2020-05-25