CVE-2020-11815: Malicious File Upload
First published: Thu Apr 16 2020(Updated: )
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Rukovoditel vulnerability?
The vulnerability ID of this Rukovoditel vulnerability is CVE-2020-11815.
What is the severity of CVE-2020-11815?
The severity of CVE-2020-11815 is critical with a CVSS score of 9.8.
How does the Rukovoditel 2.5.2 vulnerability occur?
In Rukovoditel 2.5.2, the vulnerability occurs when attackers upload arbitrary files to the server by changing the content-type value.
What is the impact of CVE-2020-11815?
The impact of CVE-2020-11815 is that an attacker can execute commands on the server.
Is Maintenance Mode setting relevant to this vulnerability?
No, this specific attack only occurs without the Maintenance Mode setting.
- collector/nvd-index
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.5.2