Disclosure Date 2020/10/19
CVE-2020-5640
Unauthenticated LFI to RCE in OneThird CMS
Local file inclusion in OneThird CMS
Credit
stypr (@stereotype32)
Affected-Versions
OneThird CMS: v1.96c and earlier
CWE
- CWE-98
Description
A local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code via an undisclosed file upload feature. The attacker can also use this vulnerability to obtain arbitrary files and sensitive information such as the database.