CVE-2020-26804: Malicious File Upload
First published: Thu Nov 12 2020(Updated: )
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sapplica Sentrifugo | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Sentrifugo version 3.2 issue?
The vulnerability ID is CVE-2020-26804.
What is the severity of CVE-2020-26804?
The severity of CVE-2020-26804 is high with a severity value of 8.8.
How can an attacker exploit the Unrestricted File Upload vulnerability in Sentrifugo 3.2?
An attacker can exploit the Unrestricted File Upload vulnerability in Sentrifugo 3.2 by uploading malicious files as attachments when sharing announcements.
What software version of Sentrifugo is affected by CVE-2020-26804?
Sentrifugo version 3.2 is affected by CVE-2020-26804.
Is there a fix available for the Unrestricted File Upload vulnerability in Sentrifugo 3.2?
Yes, it is recommended to update to a patched version of Sentrifugo to fix the Unrestricted File Upload vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sapplica
- canonical/sapplica sentrifugo
- version/sapplica sentrifugo/3.2