cve/CVE-2020-35656.md at 555e9c7de4cd05afceb29c861f75c943c3c8d5d4

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/BassamAssiri/Jaws-CMS-RCE
https://github.com/xNoBody12/Jaws-CMS-RCE

869 B Raw Blame History

CVE-2020-35656

Description

POC

Reference

Github

869 B

Raw Blame History