CVE-2020-10682: Malicious File Upload
First published: Fri Mar 20 2020(Updated: )
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | =2.2.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10682?
CVE-2020-10682 is a vulnerability found in the Filemanager of CMS Made Simple version 2.2.13, which allows remote code execution.
How can the Filemanager in CMS Made Simple version 2.2.13 be exploited?
The Filemanager in CMS Made Simple version 2.2.13 can be exploited by uploading a .php.jpegd JPEG file that contains malicious PHP code.
What type of file should be uploaded to exploit CVE-2020-10682?
To exploit CVE-2020-10682, you should upload an application/octet-stream file that is named with a .php.jpegd extension.
What is the severity of CVE-2020-10682?
CVE-2020-10682 has a severity rating of 7.8, which is considered high.
How can I fix CVE-2020-10682 in CMS Made Simple version 2.2.13?
To fix CVE-2020-10682, update CMS Made Simple to a version that is not affected by the vulnerability or apply the necessary patches provided by the vendor.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.13