PHP Remote File Inclusion Vulnerability in 74CMS by 74CMS
CVE-2020-29279

9.8CRITICAL

Key Information:

Vendor: 74cms
Status: 74cms
Vendor: CVE Published:; 2 December 2020

What is CVE-2020-29279?

A vulnerability exists in 74CMS affecting versions prior to 6.0.48, where the method assign_resume_tpl in BaseController.class.php permits remote file inclusion. This flaw enables attackers to execute arbitrary code on the server, posing significant security risks to web applications utilizing this content management system.

References

https://github.com/BigTiger2020/74CMS/blob/main/README.md

x_refsource_MISC

http://www.74cms.com/news/show-2497.html

x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2020
Vulnerability Reserved
Nov 27, 2020