What is CVE-2020-23972?

CVE-2020-23972 is a vulnerability in N/a. Published 2020-08-27.

Is CVE-2020-23972 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-23972

In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by…

EPSS: 0.732 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
merlinepedra/nuclei-templates
merlinepedra25/nuclei-templates
sobinge/nuclei-templates

References

raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md (x_refsource_MISC)
packetstormsecurity.com/files/159072/Joomla-GMapFP-J3.5-J3.5F-Arbitrary-File-Up… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-23972?: CVE-2020-23972 is a vulnerability in N/a. Published 2020-08-27.
Is CVE-2020-23972 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.