nvd-json-data-feeds/CVE-2020/CVE-2020-102xx/CVE-2020-10224.json

{
  "id": "CVE-2020-10224",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-03-08T23:15:11.113",
  "lastModified": "2023-11-13T14:48:29.607",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de carga de archivos no autenticada ha sido identificada en el archivo admin_add.php en PHPGurukul Online Book Store versi\u00f3n 1.0. La vulnerabilidad podr\u00eda ser explotada por un atacante remoto no autenticado para cargar contenido en el servidor, incluyendo los archivos PHP, lo que podr\u00eda resultar en una ejecuci\u00f3n de comandos."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:phpgurukul:online_book_store:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75692523-DEAE-4E19-B3DE-1B7986841065"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://tib3rius.com/cves.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/47887",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}