CVE-2020-11544: Malicious File Upload
First published: Mon Apr 06 2020(Updated: )
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Official Car Rental System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-11544?
The severity of CVE-2020-11544 is high, with a severity value of 7.2.
How does CVE-2020-11544 affect Project Worlds Official Car Rental System 1?
CVE-2020-11544 allows the admin user to run commands on the server with their account through the file-manager page's upload section.
What is the vulnerability in CVE-2020-11544?
The vulnerability in CVE-2020-11544 is an arbitrary file upload vulnerability in the add_cars.php file.
How can I fix CVE-2020-11544 in Project Worlds Official Car Rental System 1?
To fix CVE-2020-11544, restrict upload permissions and implement input validation in the add_cars.php file.
Where can I find more information about CVE-2020-11544?
You can find more information about CVE-2020-11544 at the following link: [https://frostylabs.net/writeups/cve-2020-11544/](https://frostylabs.net/writeups/cve-2020-11544/)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/projectworlds
- canonical/projectworlds official car rental system
- version/projectworlds official car rental system/1.0