Skip to main content

Acymailing CVE-2020-10934

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2020-03-24 cve@mitre.org
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 24, 2020 - 15:15 nvd
HIGH 7.2

DescriptionNVD

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.

AnalysisAI

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Affected products include: Acyba Acymailing. Version information: before 6.9.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-28731 CRITICAL POC
9.8 Mar 30

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campai

CVE-2018-9107 HIGH POC
8.8 Mar 28

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing exte

CVE-2021-24288 MEDIUM POC
6.1 May 17

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1),

CVE-2024-7384 HIGH
8.8 Aug 22

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is v

CVE-2023-28732 HIGH
7.5 Mar 30

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from

CVE-2023-41867 MEDIUM
6.1 Sep 25

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at

CVE-2023-39971 MEDIUM
6.1 Aug 17

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla

CVE-2023-28733 MEDIUM
6.1 Mar 30

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, explo

CVE-2023-39974 MEDIUM
5.3 Aug 17

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CV

CVE-2023-39973 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

CVE-2023-39972 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

Share

CVE-2020-10934 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy