How severe is CVE-2020-5256?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-5256?

This is classified as CWE-95, which is a common weakness in software security.

CVE-2020-5256

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-95

View all →

Vulnerability Description

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.

CVE-2020-6650

HIGH

CVSS:8.8(High)

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluati...

CWE-952020

CVE-2022-41928

HIGH

CVSS:8.8(High)

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangero...

CWE-952022

CVE-2022-41931

HIGH

CVSS:8.8(High)

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the...

CWE-952022

CVE-2023-0089

HIGH

CVSS:8.8(High)

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 a...

CWE-952023

CVE-2023-29209

HIGH

CVSS:8.8(High)

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can ...

CWE-952023

CVE-2023-29210

HIGH

CVSS:8.8(High)

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can exe...

CWE-952023

CVE-2020-5256

Vulnerability Description

Related Vulnerabilities

CVE-2020-6650

CVE-2022-41928

CVE-2022-41931

CVE-2023-0089

CVE-2023-29209

CVE-2023-29210