CVE-2020-35657
HIGH WAF: Medium
CVSS 7.2
Published: 2020-12-23
CWE-434
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| jaws_project | jaws | up to 1.8.0 |
References
- github.com (Third Party Advisory)
- github.com (Exploit, Third Party Advisory)