Vulnerabilities > CVE-2020-21356 - Exposure of Resource to Wrong Sphere vulnerability in Popojicms 1.2

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

popojicms

CWE-668

NVD

Published: 2021-08-06

Updated: 2021-08-13

Summary

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

Vulnerable Configurations

Part	Description	Count
Application	Popojicms Popojicms Popojicms 1.2	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/PopojiCMS/PopojiCMS/issues/23