CVE-2020-27397
HIGH WAF: Medium
CVSS 8.8
Published: 2020-12-23
CWE-434
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| projectworlds | online_matrimonial_project | 1.0 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory, VDB Entry)