What is CVE-2020-25042?

CVE-2020-25042 is a vulnerability in N/a. Published 2020-09-03.

Is CVE-2020-25042 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-25042

An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.ph…

EPSS: 0.770 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Groppoxx/CVE-2020-25042-PoC
rapid7/metasploit-framework
404notf0und/CVE-Flow
Live-Hack-CVE/CVE-2020-25042

References

sourceforge.net/projects/maracms/ (x_refsource_MISC)
www.exploit-db.com/exploits/48780 (x_refsource_MISC)
packetstormsecurity.com/files/159304/MaraCMS-7.5-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-25042?: CVE-2020-25042 is a vulnerability in N/a. Published 2020-09-03.
Is CVE-2020-25042 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.