What is CVE-2020-28871?

CVE-2020-28871 is a vulnerability in N/a. Published 2021-02-10.

Is CVE-2020-28871 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-28871

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Live-Hack-CVE/CVE-2020-28871
nastar-id/Monitorr-File-Upload
sec-it/monitorr-exploit-toolkit

References

lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorizatio…
www.exploit-db.com/exploits/48980
packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclos…
packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html
packetstormsecurity.com/files/171429/Monitorr-1.7.6m-1.7.7d-Remote-Code-Executi…

Frequently asked questions

What is CVE-2020-28871?: CVE-2020-28871 is a vulnerability in N/a. Published 2021-02-10.
Is CVE-2020-28871 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.