ByteOS Network

CVE Vulnerability Details :

CVE-2017-20063

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-20 Jun, 2022 | 04:50

Updated At-15 Apr, 2025 | 14:19

▼CVE Numbering Authority (CNA)

Elefant CMS File Upload drop privileges management

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Affected Products

Vendor

Elefant

Product

CMS

Versions

Affected

1.3.12-RC

Problem Types

Type	CWE ID	Description
CWE	CWE-269	CWE-269 Improper Privilege Management

Metrics

Version	Base score	Base severity	Vector
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Credits

Tim Coen

References

Hyperlink	Resource
http://seclists.org/fulldisclosure/2017/Feb/39	x_refsource_MISC
https://vuldb.com/?id.97260	x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
http://seclists.org/fulldisclosure/2017/Feb/39	x_refsource_MISC x_transferred
https://vuldb.com/?id.97260	x_refsource_MISC x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References