Skip to main content

Freelancy

1 CVEs product

Monthly

CVE-2020-5505 CRITICAL POC THREAT Act Now

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Freelancy
NVD
CVSS 3.1
9.8
EPSS
44.3%
EPSS 44% CVSS 9.8
CRITICAL POC THREAT Act Now

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Freelancy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy