CVE-2020-12471

Published: Apr 29, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

Affected (1)

Products: Mono: Monox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mono Monox	Up to 5.1.40.5152

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Remote%20Code%20Execution%20via%20Insecure%20Deserialization

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Remote%20Code%20Execution%20via%20Insecure%20Deserialization

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.