Vulnerabilities > Sourcefabric > Newscoop > 4.4.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Sourcefabric Newscoop 4.4.7 Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | 4.6 |