CVE-2020-23971

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.

Related Vulnerabilities

CVE-2010-5108

HIGH
CVSS:7.5(High)

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permission...

CWE-2762010

CVE-2012-5577

HIGH
CVSS:7.5(High)

Python keyring lib before 0.10 created keyring files with world-readable permissions.

CWE-2762012

CVE-2017-18668

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June...

CWE-2762017

CVE-2017-18669

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June ...

CWE-2762017

CVE-2017-4975

HIGH
CVSS:7.5(High)

An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the op...

CWE-2762017

CVE-2018-8848

HIGH
CVSS:7.5(High)

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

CWE-2762018