Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
- http://packetstormsecurity.com/files/159503/Typesetter-CMS-5.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/159615/Typesetter-CMS-5.1-Remote-Code-Execution.html
- https://github.com/Typesetter/Typesetter/issues/674
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xT11/CVE-POC
- https://github.com/7Mitu/CVE-2020-25790
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Live-Hack-CVE/CVE-2020-25790
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/incogbyte/incogbyte
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rodnt/rodnt
- https://github.com/unp4ck/unp4ck