CVE-2020-35656 in Jawsinfo

Summary

by MITRE • 12/23/2020

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&amp;reqAction=InstallGadget&amp;comp=FileBrowser and admin.php?reqGadget=FileBrowser&amp;reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

12/23/2020

Moderation

accepted

Entry

VDB-166717

CPE

ready

CWE

CWE-434 (confirmed)

CVSS

6.3 (VulDB)

EPSS

0.02403

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-35656
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-35656
CVE Details	https://www.cvedetails.com/cve/CVE-2020-35656/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!