Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35489

EPSS 90.33% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-35489

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wordpress contact-form-7 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wordpress contact-form-7是Wordpress基金会的一个为Wordpress提供表单的插件。 contact-form-7 (aka Contact Form 7) plugin 5.3.2之前版本存在安全漏洞,该漏洞允许不受限制的文件上传和远程代码执行,因为文件名可能包含特殊字符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-35489

#POC DescriptionSource LinkShenlong Link
1The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489https://github.com/dn9uy3n/Check-WP-CVE-2020-35489POC Details
2Nonehttps://github.com/X0UCYB3R/Check-WP-CVE-2020-35489POC Details
3WordPress Sites Vulnerability Checker for CVE-2020-35489https://github.com/reneoliveirajr/wp_CVE-2020-35489_checkerPOC Details
4WordPress Contact Form 7 - Unrestricted File Uploadhttps://github.com/Cappricio-Securities/CVE-2020-35489POC Details
5Harnessing AI to hack the limits of possibilityhttps://github.com/aifuzzer/poc-CVE-2020-35489POC Details
6POC for RCE with CVE-2020-35489https://github.com/aitech66/poc-CVE-2020-35489POC Details
7poc-CVE-2020-35489https://github.com/g1thubb002/poc-CVE-2020-35489POC Details
8poc-CVE-2020-35489https://github.com/gh202503/poc-cve-2020-35489POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-35489

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-12-17 · 43 CVEs total

CVE-2020-13527Lantronix Xport Edge 跨站请求伪造漏洞
CVE-2020-35453HashiCorp Vault Enterprise’s Sentinel EGP 输入验证错误漏洞
CVE-2020-13509NZXT CAM 信息泄露漏洞
CVE-2020-13931Apache TomEE 授权问题漏洞
CVE-2020-13510NZXT CAM 信息泄露漏洞
CVE-2020-13517NZXT CAM 信息泄露漏洞
CVE-2020-13516NZXT CAM 信息泄露漏洞
CVE-2020-27780Linux-pam 授权问题漏洞
CVE-2020-14232HCL Notes 安全漏洞
CVE-2020-13518NZXT CAM 信息泄露漏洞
CVE-2020-13528Lantronix Xport Edge 安全漏洞
CVE-2020-20138CMS Made Simple (CMSMS) 跨站脚本漏洞
CVE-2020-20139Flexmonster Pivot Table & Charts 跨站脚本漏洞
CVE-2020-20140Flexmonster Pivot Table & Charts 跨站脚本漏洞
CVE-2020-20141Flexmonster Pivot Table & Charts 跨站脚本漏洞
CVE-2020-20142Flexmonster Pivot Table & Charts 跨站脚本漏洞
CVE-2020-35545Spotweb SQL注入漏洞
CVE-2020-35490FasterXML jackson-databind 代码问题漏洞
CVE-2020-35491FasterXML jackson-databind 代码问题漏洞
CVE-2020-22083Jsonpickle 代码问题漏洞

Showing top 20 of 43 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-35489

No comments yet

Leave a comment