CVE-2020-12471 - Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, mono, CWE-502, critical

Summary

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

Vulnerable Configurations

Part         Description  Count
Application  Mono         1

Common Weakness Enumeration (CWE)