CVE-2020-25790

HIGH

Typesetter < 5.1 - Unrestricted File Upload


Description

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.

Practical reading: exploitation needs an authenticated admin account (CVSS PR:H), but any such account, whether legitimate, phished or obtained through another bug, becomes code execution on the web server, since the archive's contents are extracted under the document root where the PHP handler runs them (CWE-434).
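The following is an added example and is not Typesetter's code, its 5.2 fix, or either of the PoCs listed below. It shows the check an archive-upload handler should perform for the class of bug described above: inspect every ZIP entry name before extraction and refuse the upload if any entry would be executed or honoured by a PHP-enabled web server (`.php`, `.phtml`, `.phar`, `.htaccess`, ...) or would escape the extraction directory. The sample archive, the extension list and all function names are constructed for this example.

```python
"""
Added example (not Typesetter's code): inspect a ZIP upload before
extracting it under a PHP web root. The sample archive is constructed inline.
"""
import io
import posixpath
import zipfile

# Extensions a typical PHP-enabled web server executes, or that change its
# behaviour when dropped into the web root. This list is an assumption for
# the example; a real deployment should derive it from the server's handler
# configuration rather than hard-code it.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "htaccess",
}


def entry_is_dangerous(name: str) -> bool:
    """True if this ZIP entry name must not be written under the web root."""
    # Normalise separators and refuse absolute paths or '..' traversal
    # (zip-slip), which would let the archive write outside the target dir.
    norm = posixpath.normpath(name.replace("\\", "/"))
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return True
    base = posixpath.basename(norm)
    # Check every dotted component after the stem, so 'shell.php.jpg' is
    # caught as well as 'shell.php' (Apache's AddHandler can match a
    # non-final extension) and '.htaccess' (stem is empty).
    components = base.lower().split(".")[1:]
    return any(c in EXECUTABLE_EXTENSIONS for c in components)


def scan_zip_upload(data: bytes) -> list[str]:
    """Return the entry names that block extraction (empty list = safe to extract)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if entry_is_dangerous(info.filename)]


def build_sample_archive() -> bytes:
    """Constructed sample upload: a theme-like ZIP that also smuggles PHP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("theme/style.css", "body { color: #333; }\n")
        zf.writestr("theme/logo.png", b"\x89PNG\r\n\x1a\n")  # header bytes only
        zf.writestr("theme/shell.php", "<?php /* placeholder */ ?>\n")
        zf.writestr("theme/pic.php.jpg", "<?php /* placeholder */ ?>\n")
        zf.writestr("../outside.txt", "zip-slip attempt\n")
    return buf.getvalue()


if __name__ == "__main__":
    rejected = scan_zip_upload(build_sample_archive())
    # Reject the whole upload if anything was flagged; never extract a subset.
    print("rejected entries:", rejected)
```

The check runs on the central directory only, so it costs nothing relative to extraction and fails closed: one flagged entry rejects the whole archive rather than extracting "the safe parts". Extension filtering alone is still weaker than extracting into a directory the web server is configured not to execute scripts from; treat the two as complementary.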

Exploits (2)

exploitdb · WORKING POC
by Rodolfo Tavares · python · webapps · php
https://www.exploit-db.com/exploits/48906

nomisec · WRITEUP · 4 stars
by 7Mitu · poc
https://github.com/7Mitu/CVE-2020-25790

Scores

CVSS v3 7.2
EPSS 0.4222
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
typesettercms/typesetter 5.0 - 5.1
Published Sep 19, 2020
Tracked Since Feb 18, 2026