CVE-2020-12471

CRITICAL

MonoX < 5.1.40.5152 - Remote Code Execution via Insecure Deserialization in HTML5Upload.ashx

Title source: llm
STIX 2.1

Description

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0276
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (1)
mono/monox < 5.1.40.5152
Published Apr 29, 2020
Tracked Since Feb 18, 2026