Arbitrary File Upload Vulnerability in AContent 1.4

Arbitrary File Upload Vulnerability in AContent 1.4

CVE-2020-10557 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.

Learn more about our Cis Benchmark Audit For Server Software.