CVE-2020-23972

HIGH EXPLOITED NUCLEI

Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure

Title source: llm

Description

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.

Exploits (1)

exploitdb WRITEUP

by ThelastVvV · textwebappsphp

https://www.exploit-db.com/exploits/49129

View Code ZIP pw:eip

Nuclei Templates (1)

Joomla! Component GMapFP 3.5 - Arbitrary File Upload

HIGHby dwisiswant0

References (2)

[Third Party Advisory] http://packetstormsecurity.com/files/159072/Joomla-GMapFP-J3.5-J3.5F-Arbitrary-File-Upload.html

[Exploit, Third Party Advisory] https://raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md

Scores

CVSS v3 7.5

EPSS 0.7316

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2021-04-12

CWE

CWE-434

Status published

Products (1)

gmapfp/gmapfp j3.5 (2 CPE variants)

Published Aug 27, 2020

Tracked Since Feb 18, 2026