CVE-2020-36485

Published: Oct 22, 2021Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.

Affected (1)

Products: Madeportable: Playable

Madeportable

1 product

Playable

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Madeportable Playable	Version 9.18

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.vulnerability-lab.com/get_content.php?id=2198

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.vulnerability-lab.com/get_content.php?id=2198

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.