nvd-json-data-feeds/CVE-2020/CVE-2020-239xx/CVE-2020-23971.json

{
  "id": "CVE-2020-23971",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-09-01T16:15:12.303",
  "lastModified": "2020-09-08T17:10:36.357",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions."
    },
    {
      "lang": "es",
      "value": "gmapfp.org Joomla Component GMapFP versi\u00f3n J3.30pro, est\u00e1 afectado por Permisos No seguros. Un atacante puede acceder a la funci\u00f3n upload sin autenticarse en la aplicaci\u00f3n y tambi\u00e9n puede cargar archivos debido a problemas de carga de archivos no restringidos, que puede ser omitida mediante el cambio del tipo de contenido y el nombre del archivo con extensiones dobles adem\u00e1s"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gmapfp:gmapfp:j3.30:*:*:*:pro:joomla\\!:*:*",
              "matchCriteriaId": "57890881-1017-42C7-ABBC-786376A3F827"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://packetstormsecurity.com/files/156889/Joomla-GMapFP-3.30-Arbitrary-File-Upload.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}