Dext5

dext5

Vendor: Dext5 • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7832 1Dext5 1Dext5 Nov 21, 2024 Sep 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)
CVE-2020-13894 1Dext5 1Dext5 Nov 21, 2024 Jun 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
CVE-2020-13442 1Dext5 1Dext5 Nov 21, 2024 May 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.