CVE-2020-23971

HIGH

gmapfp J3.30pro - Unauthenticated Arbitrary File Upload via Content-Type and Double Extension Bypass

Description

gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues: the upload restrictions can be bypassed by changing the Content-Type and changing the file name to use a double extension.

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/156889/Joomla-GMapFP-3.30-Arbitrary-File-Upload.html

Scores

CVSS v3 7.5
EPSS 0.0154
EPSS Percentile 71.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-276
Status published
Products (1)
gmapfp/gmapfp j3.30
Published Sep 01, 2020
Tracked Since Feb 18, 2026