Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-12854

Published: 15/07/2020 Updated: 22/07/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

seczetta neprofile 3.3.11

Mailing Lists

Full Disclosure: NEProfile - Remote Code Execution
Exploit Title: NEProfile - Remote Code Execution Date: 5/13/2020 Vendor Homepage: seczettacom Software Link: seczettacom/product/ne-profile Version: 3311 Tested on: 3311 Exploit Author: Josh Sheppard Exploit Contact: ghost () a t undervurse dot_com Exploit Technique: Remote CVE ID: CVE-2020-12854 1 Description A remote code ...

References

CWE-434http://packetstormsecurity.com/files/158434/SecZetta-NEProfile-3.3.11-Remote-Code-Execution.htmlhttps://seczetta.comhttps://nvd.nist.govhttp://seclists.org/fulldisclosure/2020/Jul/18
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802template injectionCVE-2024-0044code injectionCVE-2024-35474CVE-2024-27857CVE-2024-23251CVE-2024-23692physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook