First published: Thu Apr 16 2020
In Rukovoditel 2.5.2, attackers can upload arbitrary files to the server just by changing the content-type value. As a result, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.5.2 | |
The vulnerability ID of this Rukovoditel vulnerability is CVE-2020-11815.
The severity of CVE-2020-11815 is critical with a CVSS score of 9.8.
In Rukovoditel 2.5.2, the vulnerability occurs when attackers upload arbitrary files to the server by changing the content-type value.
The impact of CVE-2020-11815 is that an attacker can execute commands on the server.
No, this specific attack only occurs without the Maintenance Mode setting.
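
The flaw described above comes down to an upload check that trusts the content type declared by the client. As an added example (not Rukovoditel's code; the function names and the allow-list are assumptions, and PHP's fileinfo extension is assumed to be available), the PHP below contrasts that check with one that validates the extension and the sniffed content on the server:

```php
<?php
// Added example; function names are hypothetical, not Rukovoditel's code.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];
// Weak pattern: $file['type'] is copied from the request's Content-Type
// header, so the client decides whether this check passes.
function weak_check(array $file): bool
{
    return in_array($file['type'], ALLOWED, true);
}

// Hardened check: ignore the declared type, allow-list the extension and
// compare it with the MIME type sniffed from the file's bytes.
function checked_extension(string $name, string $tmpPath): string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    return $ext;
}

// Store under a server-generated name so no client-supplied name reaches disk.
function store_upload(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $ext = checked_extension($file['name'], $file['tmp_name']);
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}
// Constructed sample: text content declared by the client as a PNG image.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "plain text, not an image\n");
$sample = ['name' => 'notes.php', 'type' => 'image/png', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
var_dump(weak_check($sample));
try {
    checked_extension($sample['name'], $sample['tmp_name']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
unlink($tmp);
```

Keeping the upload directory outside the web root, or serving it with script execution disabled, limits the impact if a validation step is ever bypassed.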