CVE-2020-10224: Malicious File Upload
First published: Sun Mar 08 2020(Updated: )
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phpgurukul Phpgurukul Online Book Store | =1.0 | |
| PHPGurukul Online Book Store | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-10224?
CVE-2020-10224 is an unauthenticated file upload vulnerability in PHPGurukul Online Book Store 1.0.
How can an attacker exploit CVE-2020-10224?
An unauthenticated remote attacker could exploit CVE-2020-10224 to upload content to the server, including PHP files, which could result in command execution.
Is CVE-2020-10224 a critical vulnerability?
Yes, CVE-2020-10224 has a severity rating of 9.8 (critical).
How can I fix CVE-2020-10224?
To fix CVE-2020-10224, update the PHPGurukul Online Book Store to a version that has a patch for the vulnerability.
What is CWE-434?
CWE-434 refers to unrestricted upload of file with dangerous type, which is the vulnerability category for CVE-2020-10224.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- vendor/phpgurukul
- canonical/phpgurukul phpgurukul online book store
- version/phpgurukul phpgurukul online book store/1.0
- canonical/phpgurukul online book store
- version/phpgurukul online book store/1.0