File Upload Vulnerability in CSKaza CSZ CMS by CSKaza
CVE-2020-19786

8.8HIGH

Key Information:

Vendor: Cszcms
Status: Csz Cms
Vendor: CVE Published:; 23 March 2023

What is CVE-2020-19786?

A file upload vulnerability exists in CSKaza CSZ CMS version 1.2.2, which allows an attacker to upload a malicious PHP file. By exploiting this flaw, the attacker can execute arbitrary commands on the server, leading to potential unauthorized access and manipulation of the system. This issue has been addressed in version 1.2.4.

References

https://github.com/cskaza/cszcms/issues/20

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2023
Vulnerability Reserved
Aug 13, 2020

JSON

Cszcms

What is CVE-2020-19786?

References

CVSS V3.1

Timeline