CVE-2020-28088: Malicious File Upload
First published: Fri Aug 06 2021(Updated: )
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jeecgframework.boot:jeecg-boot-parent | <=2.3 | |
| Jeecg Jeecg Boot | =2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this arbitrary file upload vulnerability?
The vulnerability ID of this arbitrary file upload vulnerability is CVE-2020-28088.
What is the affected software version of this vulnerability?
The affected software version of this vulnerability is jeecg-boot CMS 2.3.
What is the severity of CVE-2020-28088?
The severity of CVE-2020-28088 is not specified in the provided information.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by uploading arbitrary files to `/jeecg-boot/sys/common/upload`, allowing them to execute arbitrary code.
Is there a fix available for this vulnerability?
The provided information does not mention a specific fix for this vulnerability. Please refer to the provided references for any available patches or updates.
- collector/github-advisory-latest
- alias/GHSA-jf7x-57g8-9hm5
- alias/CVE-2020-28088
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/maven
- vendor/jeecg
- canonical/jeecg jeecg boot
- version/jeecg jeecg boot/2.3